Data Center Certification and Operations Compliance

External auditing validates that CoreSite data centers maintain stringent compliance standards for data center operations, security and reliability.

Data Center Locations Get a Quote

How CoreSite Helps You Achieve Data Center Certifications

CoreSite data center controls help our customers to meet a wide variety of regulatory requirements. Working with our current certifications and specific customer needs, CoreSite enables our customers to achieve a high level of certification within our data centers in all of these areas.

All compliance examinations are conducted by Schellman & Company, Inc., an independent, licensed CPA firm, QSA, and accredited ISO 27001 certification body by ANSI-ASQ National Accreditation Board (ANAB) and the United Kingdom Accreditation Services (UKAS).

All compliance reports and certifications apply to all operating multi-tenant data centers.

SOC 1 Type 2 and SOC 2 Type 2

Each year, an external auditing firm completes SOC 1 Type 2 and SOC 2 Type 2 reviews of all data centers operated by CoreSite. The report provides our customers with assurance of corporate controls, including security and environmental compliance, and validation of CoreSite's commitment to the most stringent standards of excellence in our data center operations.

SOC1 and SOC2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA) that addresses examination engagements for service providers. CoreSite leadership developed internal control objectives to support first-class data center management services that were used to complete the SOC 1 examination. The SOC 2 examination uses a standardized, third-party criteria to validate CoreSite’s compliance outlined in the Trust Services Principles.


An external assessment is completed each year by a Quality Service Assessor (QSA) to validate CoreSite’s compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) version 3.0 as a “Level 1” service provider for our colocation services. The scope of CoreSite’s assessment includes physical security and related policies at our data center facilities.

The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.

ISO 27001

CoreSite has achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures, as well as those of all our operating data centers. The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities.

This prestigious, internationally-recognized certification reflects our commitment to provide CoreSite customers around the globe with secure, reliable, and high-performance data center colocation hosting solutions.

HIPAA Compliant

HIPAA Compliance

HIPAA requires that covered entities take strong measures to protect the privacy and security of health information. By attaining HIPAA validation through an external AT 101 attestation, CoreSite provides assurance to healthcare providers and other related enterprises that its national platform of multi-tenant data centers conforms to a high standard of data security and provides a secure environment for customers’ sensitive and confidential data.

The validation asserts that the information security program governing the colocation services implements applicable control guidance in HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health (HITECH) Act requirements.