
Compliance Certifications and Standards

Verified Compliance with Data Center Operations, Security and Reliability Regulations

OVERVIEW

Ensuring Compliance with a Variety of Data Center Certifications

Compliance is critical when selecting a hybrid IT infrastructure. CoreSite enables customers to meet a broad range of regulatory requirements within our data centers, including SOC 1 Type 2, SOC 2 Type 2, ISO 27001, NIST 800-53, PCI DSS and HIPAA. Our data centers undergo annual assessments by independent auditors, ensuring adherence to processes, employee training, technical operations, incident management, best practices, and security controls.

By partnering with CoreSite, you can trust that your data center provider and your company remain compliant.


CoreSite Data Center Compliance and Attestation

Simplify data and asset protection while streamlining your compliance process.
SOC 1 TYPE 2 AND SOC 2 TYPE 2

Each year, an external auditing firm conducts System and Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 reviews of our data centers. These reports provide assurance of corporate controls, including security and environmental compliance, and validate CoreSite's commitment to maintaining the highest standards in data center operations.

SOC 1 and SOC 2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA). The SOC 1 report is intended for user entities’ management and auditors, focusing on the effect of a service organization’s controls on financial statement assertions. The SOC 2 report addresses a broader range of users who need to understand internal controls related to security, availability, processing integrity, confidentiality and privacy. CoreSite’s SOC 2 reports include the security and availability Trust Services categories.

ISO 27001

CoreSite has achieved the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001 certification, which encompasses the processes, policies, and procedures at our corporate office and across all operating data centers. ISO/IEC 27001 is one of the most stringent certifications for information security management system controls. It confirms that we have effective security controls and risk management measures in place to identify, protect, detect, defend and recover from potential information system vulnerabilities. This prestigious, internationally recognized certification reflects our commitment to providing CoreSite customers worldwide with secure, reliable and high-performance data center colocation hosting solutions.


NIST 800-53 (SUPPORTING FISMA/FEDRAMP)

Each year, an external auditing firm assesses CoreSite’s adherence to the National Institute of Standards and Technology Special Publication 800-53 (NIST 800-53) high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements. The scope of CoreSite’s assessment includes a subset of control families applicable to colocation services at our data center facilities. Assessing against the high-impact baseline reflects CoreSite’s commitment to the most rigorous compliance standards and supports our customers’ Federal Information Security Management Act (FISMA) and FedRAMP compliance efforts.

NIST 800-53 is a publication by the National Institute of Standards and Technology, recommending security controls for federal information systems. These standards help federal agencies implement FISMA and manage other programs to protect information and promote information security.
PCI DSS

An external Qualified Security Assessor (QSA) annually validates CoreSite’s compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) as a “Level 1” service provider. The scope of our assessment includes physical security and related policies at our data center facilities.

PCI DSS is a comprehensive set of standards requiring merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls. As a provider of data center colocation services, CoreSite proactively meets relevant requirements to support our customers' PCI compliance needs.
HIPAA

HIPAA mandates strong measures to protect the privacy and security of electronic protected health information (ePHI). CoreSite's HIPAA validation through external attestation assures healthcare providers and related enterprises that our national platform of multi-tenant data centers adheres to high standards of data security, providing a secure environment for sensitive and confidential data.

This validation asserts that the information security program governing our colocation services implements applicable controls as outlined in the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification requirements.
DATA CENTER COMPLIANCE

Frequently Asked Questions

WHAT IS SOC 1 TYPE 2 AND SOC 2 TYPE 2?

SOC stands for System and Organization Controls. SOC 1 and SOC 2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA). SOC 1 covers the effect of a service organization’s controls on the user entity’s financial statement assertions. SOC 2 covers internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy.

WHAT IS FISMA?

The Federal Information Security Management Act (FISMA), passed in December 2002, requires each federal agency to develop, document and implement an agency-wide program to provide information security for the information and systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor or other source.

WHAT IS FEDRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for cloud service offerings. In December 2022, the FedRAMP Authorization Act codified the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information.

WHAT IS PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of standards that requires merchants and service providers that store, process or transmit customer payment card data to adhere to strict information security controls and processes.

WHAT IS HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. law regulating the healthcare industry by establishing national standards to protect sensitive patient health data.

WHAT IS HITECH?

The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) is a U.S. law enacted to drive the use of electronic medical records (EMRs) in the healthcare industry and establish guidelines to protect patient data.