
Industry compliance and certifications reinforce our operational excellence

We’re serious about security, process controls and environmental stewardship – and we know these values are important to our customers, too. We go the extra mile to attain data center and security industry accreditations so that our commercial customers can be sure their mission-critical IT systems are safe at our data center colocation facilities.

When it comes time to perform your own audits and accreditation processes, we’re standing by to help with facility tours and interviews with our IT security and physical security professionals – without any extra fees. 

Americas certifications

SOC1 and SOC2 Type II

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. Every year, we complete the SOC1 and SOC2 Type II audits with a nationally recognized accounting firm with zero exceptions. Our hardened physical security and audited process controls give our customers assurance that we take their data security seriously and will keep their IT systems secure.

ISO 27001

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and support us in keeping information assets secure. An ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

PCI DSS

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

LEED Gold

LEED, or Leadership in Energy and Environmental Design, is an internationally-recognized green building certification system. LEED provides building owners and operators with a framework for identifying and implementing practical and measurable green building design, construction, operations, and maintenance solutions. LEED Gold certification demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials during the construction process.

EPA ENERGY STAR

This accomplishment signifies that the building performs in the top 25 percent of similar facilities nationwide for energy efficiency and meets the EPA's strict energy efficiency performance levels. On average, ENERGY STAR certified buildings use 35 percent less energy and generate 35 percent fewer greenhouse gas emissions than their peers.

HIPAA

The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of electronic protected health information (ePHI), including the prevention of unauthorized access to ePHI. The HIPAA Security Rule has become the de facto security standard for the healthcare industry.

NIST 800-53 High

NIST 800-53, published by the National Institute of Standards and Technology, recommends security controls for federal information systems and organizations. We have implemented the NIST 800-53 high baseline controls necessary to support our customers' Federal Information Security Management Act (FISMA) compliance efforts.

APAC certifications

ISO 27001 

ISO 27001 is an international standard outlining best practices for an information security management system (ISMS), which is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. 

PCI DSS 

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

SOC1 and 2

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. SOC1 is an assessment of the service organization's internal controls relevant to financial reporting; SOC2 is an assessment of the service organization's internal controls in areas such as security, confidentiality, availability, privacy, and processing integrity (the international standards are ISAE3402 for SOC1 and ISAE3000 for SOC2, with SSAE18 for the United States).

ISO 9001 

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements.  

TVRA (Threat, Vulnerability and Risk Assessment)

TVRA is a requirement issued by the MSA for financial institutions headquartered in Singapore with overseas branches, as a control measure required by OSPAR and the MSA.

Uptime M&O 

Uptime M&O is the global operating standard for data centers.

ISO 50001 

With the implementation and improvement of the Energy Management System (EnMS) according to the ISO 50001 standard, the planning and operation of energy supply systems as well as the conservation of resources and the associated cost reduction in energy use are considered. Our focus is to continuously monitor system efficiency, identifying opportunities for improvement and optimizing the efficiency of existing facilities and systems.

LEED Gold

LEED, or Leadership in Energy and Environmental Design, is an internationally-recognized green building certification system. LEED provides building owners and operators with a framework for identifying and implementing practical and measurable green building design, construction, operations, and maintenance solutions. LEED Gold certification is for our Serangoon data center in Singapore and demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials during the construction process.

We also have LEED Platinum Design at our Financial Data Center 2 in Hong Kong and LEED Bronze Design at our Cyberjaya 3 Data Center in Malaysia.

TIA-942 Rated 3 

Design standards for data centers are established by the TIA. Rated 3 requires redundancy so that IT equipment is not affected during facility maintenance or failure.

TIA-942 DCCC and DCDV

The TIA-942 Site/Facilities Certification (DCCC) indicates that the data center facility under scope has been physically inspected for conformity to the design criteria of the TIA-942 standard for the respective rating level.
TIA-942 Design Certification (DCDV) indicates that the design documents of the data center under scope have been reviewed for conformity to the design criteria of the TIA-942 standard for the respective rating level.

ISO 45001 (OSHMS)

ISO 45001 is the international standard for occupational health and safety management systems. 

DCOS

DCOS are data center operation standards established by EPI.

OSPAR

The Association of Banks in Singapore (ABS) has issued guidelines on information security measures for Outsourcing Service Providers (OSPs) who wish to provide services to Financial Institutions (FIs) operating in Singapore. OSPAR is issued as an audit report stating that the provider has been audited by a third party and meets the standards.

SMETA

SMETA (Sedex Members Ethical Trade Audit) is the most widely used social audit in the world. SMETA is Sedex’s social auditing methodology, enabling businesses to assess their sites and suppliers to understand working conditions in their supply chain.

 

EMEA certifications

ISO 9001 

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements. 

ISO 27001 

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and support us in keeping information assets secure. An ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

PCI DSS 

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

KRITIS §8a (3) BSIG 

In Germany, our data centers are audited in accordance with the legal requirements of §8a (3) BSIG for critical infrastructures (KRITIS). This audit verifies our precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of our information technology systems, components, or processes which are imperative to the functioning of critical infrastructures. 

ISO 14001 

The ISO 14001 standard covers the design, implementation and improvement of Environmental Management Systems (EMS). We use the framework to measure and improve the way resources are used and disposed of by our data centers in the United Kingdom. Greater resource efficiency and waste management help to sustainably protect the environment.

ISO 50001

With the implementation and improvement of the Energy Management System (EnMS) according to the ISO 50001 standard, the planning and operation of energy supply systems as well as the conservation of resources and the associated cost reduction in energy use are considered. Our focus is to continuously monitor system efficiency, identifying opportunities for improvement and optimizing the efficiency of existing facilities and systems.

EN 50600  

The European standard EN 50600 uses a holistic approach to provide comprehensive specifications for the planning, construction and operation of a data center. It defines requirements for the planning of building construction, power supply, air conditioning, cabling, and security systems, and specifies criteria for the operation of data centers.

ISAE 3402 Type II Report 

We operate an internal control system (ICS) to ensure the quality of the services provided to our clients. The effectiveness of the ICS is audited annually by independent auditors for our data centers within the scope, according to the International Standard on Assurance Engagements 3402, Assurance Reports on Controls at a Service Organization (ISAE 3402 Type II).

ISAE 3000 Report Type 1 / FINMA 

For our Zurich 1 Data Center, we provide a report on the description of the internal control system for adherence to the FINMA Circular 2018/3 requirements regarding the handling of outsourcing risks (applicable to outsourcing solutions at banks, securities dealers, and insurance companies) and the suitability of the design of controls to support adherence to the principles specified in the FINMA Circulars.

BREEAM UK  

BREEAM UK certification for our London 1 Data Center (Building A) demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials. Our facility design process focuses on achieving a model of energy and material efficiency through numerous design innovations and green construction techniques.

 

India certifications

ISO 9001

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements. 

ISO 27001

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and support us in keeping information assets secure. An ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

ISO 20000

Ensures fulfilment of clients' needs by providing cost-effective, reliable and consistent IT services.

ISO 22301

Business continuity system to ensure business recovery from disruptive incidents.

PCI DSS

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

SOC 1 and SOC 2

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. SOC1 is an assessment of the service organization's internal controls relevant to financial reporting; SOC2 is an assessment of the service organization's internal controls in areas such as security, confidentiality, availability, privacy, and processing integrity (the international standards are ISAE3402 for SOC1 and ISAE3000 for SOC2, with SSAE18 for the United States).

TIA-942 Rated 3

Design standards for data centers are established by the TIA. Rated 3 requires redundancy so that IT equipment is not affected during facility maintenance or failure.