DataBank performs a number of annual audits in each of our data center facilities. The standards we adhere to give DataBank clients peace of mind in the knowledge that their IT equipment is housed within a top-tier facility adhering to the most stringent audit requirements in the industry. In addition, we are committed to assisting our clients in achieving their own compliance audits.
As a provider of data center services to some of the largest publicly traded companies in the world, DataBank commits to performing a rigorous SSAE-16 audit in every one of our data center facilities. The SSAE-16 audit framework is officially known as a "Report on Controls Placed in Operation and Tests of Operating Effectiveness" or a "Service Auditor's Report." SSAE-16 (Statement on Standards for Attestation Engagements) includes service auditor reports on the fairness of management's description of the service organization's system controls, design, and operating effectiveness over a one-year period. Audits are conducted by an impartial, independent third party. The verification agency is a licensed CPA firm which conducts the audit to assure that the control activities described in a service provider's audit are both suitably designed to meet specified control objectives and that those controls are in place and operating effectively. These reports are generally required by a variety of customers and their own auditors. By performing these audits proactively and delivering them to clients, DataBank saves them an enormous amount of both manpower and capital that they would otherwise have to spend performing the audits themselves. Performing these audit reports also allows for a de facto standard to be met in performing first-hand verification in conjunction with financial statement audits such as FISMA or Sarbanes-Oxley compliance.
PCI-DSS is an abbreviation for Payment Card Industry Data Security Standards. This governing body sets the worldwide information security standards for credit card transactions to help control and minimize points of risk for fraud or compromise of sensitive information. PCI Compliance is adherence to these rigorous standards in the way your business conducts and handles the information. DataBank provides the facility and critical infrastructure, which complies with a RoC (Report on Compliance) that is issued annually to our facilities. The RoC ensures we meet or exceed all of the audit controls. For this reason, many companies and merchants choose to conduct their credit card business within our secure facilities. In that capacity, DataBank has specific responsibilities that must be PCI Compliant. As a provider of data center services to some of the largest publicly traded companies in the world, DataBank is committed to performing PCI-DSS audits on an annual basis.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides federal protections for personal health information (PHI), and specifies administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of electronic protected health information (ePHI). With our annual HIPAA Attestation, DataBank adheres to physical security standards under HIPAA guidelines for the housing of customer servers containing sensitive data, which may contain hardcopy PHI or ePHI data.
DataBank complies with the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. DataBank has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DataBank's certification, please visit www.export.gov/safeharbor.
Other Compliance Standards
DataBank can leverage both our own rigorous SSAE-16 audit controls and our PCI-DSS RoC, with their industry-high standards, to aid our clients in meeting their own audit requirements for a variety of industry and government compliance standards.