External auditing validates that CoreSite data centers maintain stringent compliance standards for data center operations, security, and reliability.
CoreSite data center controls help our customers to meet a wide variety of regulatory requirements. Working with our current certifications and specific customer needs, CoreSite enables our customers to achieve a high level of certification within our data centers in all of these areas.
All compliance examinations and assessments are conducted by Schellman & Company, LLC, an independent CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, and a FedRAMP Third Party Assessment Organization (3PAO). All compliance reports and certifications apply to all operating multi-tenant data centers.
Each year, an external auditing firm completes System and Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 reviews of our data center facilities. The reports provide our customers with the assurance of corporate controls, including security and environmental compliance, and validation of CoreSite's commitment to the most stringent standards of excellence in our data center operations.
SOC 1 and SOC 2 are attestation standards issued by the American Institute of Certified Public Accountants (AICPA). The SOC 1 report is intended to meet the needs of user entities’ management and auditors as they evaluate the effect of a service organization’s controls on the user entity’s financial statement assertions. The SOC 2 report is intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality, and privacy. CoreSite’s SOC 2 reports include the security and availability Trust Services categories.
CoreSite has achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures, as well as those of all our operating data centers. The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities. This prestigious, internationally-recognized certification reflects our commitment to provide CoreSite customers around the globe with secure, reliable, and high-performance data center colocation hosting solutions.
Each year, an independent Third Party Assessment Organization (3PAO) firm completes an external assessment to validate CoreSite’s strict adherence to the National Institute of Standards and Technology Publication Series 800-53 (NIST 800-53) high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements. The scope of CoreSite’s assessment includes a subset of control families applicable to colocation services at our data center facilities. The utilization of the high-impact baseline controls for NIST 800-53 reflects CoreSite’s commitment to successfully delivering the most rigorous compliance standards to support our customers’ Federal Information Security Management Act (FISMA) and FedRAMP compliance efforts.
NIST 800-53 is a publication that recommends security controls for federal information systems and organizations. NIST 800-53 is published by the National Institute of Standards and Technology which creates and promotes the standards used by federal agencies to implement FISMA and manage other programs designed to protect information and promote information security.
Each year, a Quality Service Assessor (QSA) completes an external assessment to validate CoreSite’s compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) as a “Level 1” service provider for our colocation services. The scope of CoreSite’s assessment includes physical security and related policies at our data center facilities.
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. As a provider of data center colocation services, CoreSite has proactively met the relevant requirements for its business in support of the PCI compliance needs of its customers.
HIPAA requires that covered entities take strong measures to protect the privacy and security of electronic protected health information (ePHI). By attaining HIPAA validation through an external attestation, CoreSite provides assurance to healthcare providers and other related enterprises that its national platform of multi-tenant data centers conforms to a high standard of data security and provides a secure environment for customers’ sensitive and confidential data.
The validation asserts that the information security program governing the colocation services implements applicable control guidance in the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification requirements.
24x7x365 on-site, continuously-trained security personnel and multiple layers of physical and non-physical security technology safeguard CoreSite data centers.
From basic training, to continuous practice scenarios and drills, to storm preparation and even your everyday customer service, our CoreSite Operations team is prepared to handle any event.
CoreSite provides efficient, reliable, high-performance solutions for power and cooling using industry best practices to meet the requirements of our customers.
Our data centers offer a variety of amenities, catering to our customer’s business needs and providing them with a comfortable work environment while on-site at our facilities.