login contact: 866-956-9594

Compliance

let Latisys help solve your compliance puzzle

In today’s digital age, information security is paramount and an extremely important criterion when deciding to outsource your infrastructure. Whether you are in the ecommerce business, if you host sensitive health or financial information, or if your organization simply demands the highest levels of security, you understand the role that compliance plays in demonstrating how you protect your data. At Latisys we understand the significance of meeting compliance regimes such as the Payment Card Industry’s Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability (HIPAA) HITECH Privacy Rule and the Gramm-Leach-Bliley Act (GLBA) otherwise known as the Financial Services Modernization Act of 1999. Our data center infrastructure is compliance-ready and has been tested/audited by a 3rd party to ensure that the appropriate physical controls and information security policies are in place to protect your data and meet these standards.

Service Organization Controls (SOC) Reports

Latisys has successfully attained SOC 2 Type 2 and SOC 3 reports for its Ashburn, Chicago, Denver and Irvine data centers.

The American Institute of Certified Public Accountants (“AICPA”) recently created the Service Organization Control Report framework, and replaced SAS 70 with SSAE 16. Under the new framework, service organizations that handle customer financial data would now receive a SSAE16/SOC 1 report. IT Infrastructure-as-a-Service (IaaS) solution providers like Latisys are being audited under a new standard based on AT section 101 of AICPA professional standards and are issuing SOC 2 and SOC 3 reports. These new reports provide greater definition around internal controls.

The SOC 2 Report focuses on internal controls related to security, availability, confidentiality, processing integrity and privacy—validating that the system is protected against unauthorized physical and logical access. As with SAS 70 reports, an organization can receive either a Type 1 or a Type 2 report. Type 1 merely reports on the suitability of the controls, while Type 2 tests the effectiveness of the controls. The SOC 2 Type 2 report not only updates the SAS 70 standard by examining the suitability of the design of a provider’s internal controls, it goes a step further by documenting the operating effectiveness of those controls. Latisys’ SOC 2 Report is available to customers and prospective customers upon request and execution of Non-Disclosure Agreement (NDA). Please contact your account manager if you would like to have a copy of the report.

SOC 3 is a summary Trust Services Report that documents assurances on Latisys’ internal controls related to security, availability, confidentiality, processing integrity and privacy but without detailed description of tests and results contained in SOC 2. Latisys’ SOC 3 report can be downloaded here.

PCI

For companies that transmit and store credit card holder data, adherence to the PCI DSS 2.0 is essential to business operations. Coalfire, an independent IT auditing firm, has audited Latisys’ policies and procedures for compliance with sections 9 (physical controls) & 12 (information security policies) of PCI’s DSS and produced a Report on Compliance (RoC) which can be made available upon execution of non-disclosure agreement. Latisys also offers a variety of managed services to assist in other areas of the standard if your needs dictate additional assistance managing security practices such as firewall, VPN and intrusion detection.

HIPAA

With the release of HIPAA’s omnibus rule in January 2013, the role of a service provider has become that much more critical for companies that host electronic private health information (ePHI). The omnibus rule implemented a number or provisions from HIPAA HITECH and expanded the scope of the breach notification process to contractors and sub-contractors of those who process ePHI. Latisys is audit-ready and has you covered with a comprehensive third party risk assessment against the Latisys infrastructure, physical access controls and policies to ensure that your business conforms to the requirements of this compliance regime.

GLBA

The 1999 Gramm-Leach-Bliley Act was established primarily to enable consolidation among the financial services sector companies. But it also pursued enhanced protection of private consumer information disclosed to any financial institution. Hosting your infrastructure with Latisys means that your data will reside on an audit ready platform. A thorough third party risk assessment has been performed on this platform to ensure adequate controls and policies are in place to protect the data you host at Latisys.

Data Center Compliance Checklist

We've prepared a guide covering some of the basic information an organization should have before undergoing any sort of compliance audit. Download it here »

Ready to learn more?

Call 866-956-9594, chat live with a member of our team, or contact us to learn more..