Compliance and Certifications

Americas certifications

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. Every year, we complete the SOC1 and SOC2 Type II audits with a nationally recognized accounting firm. Our hardened physical security and audited process controls give our customers assurance that we take their data security seriously and will keep their IT systems secure.

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and supports us to keep information assets secure. ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

LEED, or Leadership in Energy and Environmental Design, is an internationally-recognized green building certification system. LEED provides building owners and operators with a framework for identifying and implementing practical and measurable green building design, construction, operations, and maintenance solutions. LEED Gold certification demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials during the construction process.

This accomplishment signifies that the building performs in the top 25 percent of similar facilities nationwide for energy efficiency and meets the EPA's strict energy efficiency performance levels. On average, ENERGY STAR certified buildings use 35 percent less energy and generate 35 percent fewer greenhouse gas emissions than their peers.

The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of electronic protected health information (ePHI), including the prevention of unauthorized access to ePHI. The HIPAA Security Rule has become the de facto security standard for the healthcare industry.

NIST 800-53, published by the National Institute of Standards and Technology, recommends security controls for federal information systems and organizations. We have implemented the NIST 800-53 high baseline controls necessary to support our customers' Federal Information Security Management Act (FISMA) compliance efforts.

APAC certifications

ISO 27001 is an international standard outlining best practices for an information security management system (ISMS), which is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes.

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. SOC1 is an assessment of the internal control of the trustee company in relation to the financial reporting of the trustee company; SOC2 is an assessment of the internal control of the trustee company in the trustee business areas such as security, confidentiality, solubility, privacy, and integrity of processing (international standards are ISAE3402 for SOC1, ISAE3000 for SOC2, and SSAE18 for the United States).

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements.

TVRA is a requirement issued by the MSA for financial institutions headquartered in Singapore with overseas branches, as a control measure required by OSPAR and the MSA.

Uptime M&O is the global operating standards for data centers.

With the implementation and improvement of the Energy Management System (EnMS) according to the ISO 50001 standard, the planning and operation of energy supply systems as well as the conservation of resources and the associated cost reduction in energy use are considered. Our focus is to continuously monitor system efficiency - identifying opportunities for improvement and optimizing the efficiency of existing facilities and systems.

LEED, or Leadership in Energy and Environmental Design, is an internationally-recognized green building certification system. LEED provides building owners and operators with a framework for identifying and implementing practical and measurable green building design, construction, operations, and maintenance solutions. LEED Gold certification is for our Serangoon data center in Singapore and demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials during the construction process.

We also have LEED as Platinum Design in our Financial Data Center 2 in Hong Kong and LEED as Bronze Design in our Cyberjaya 3 Data Center in Malaysia.

Design standards for data centers are established by the TIA. The Rated 3 is required to have redundancy which does not affect the IT crisis at the time of facility maintenance or failure.

The TIA-942 Site/Facilities Certification (DCCC) indicates that the data center facility under scope has been physically inspected for conformity to the design criteria of the TIA-942 standard for the respective rating level.

TIA-942 Design Certification (DCDV) indicates that the design documents of the data center under scope have been reviewed for conformity to the design criteria of the TIA-942 standard for the respective rating level.

ISO 45001 is the international standard for occupational health and safety management systems.

DCOS are data center operation standards established by EPI.

The Association of Banks in Singapore (ABS) has issued guidelines on information security measures for Outsourcing Service Providers (OSPs) who wish to provide services to Financial Institutions (FIs) operating in Singapore. OSPAR is issued with an audit report stating that it has been audited by a third party and meets the standards.

SMETA (Sedex Members Ethical Trade Audit) is the most widely used social audit in the world. SMETA is Sedex’s social auditing methodology, enabling businesses to assess their sites and suppliers to understand working conditions in their supply chain.

EMEA certifications

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements.

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and supports us to keep information assets secure. ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

In Germany, our data centers are audited in accordance with the legal requirements of §8a (3) BSIG for critical infrastructures (KRITIS). This audit verifies our precautions to prevent disruptions to the availability, integrity, authenticity, and confidentiality of our information technology systems, components, or processes which are imperative to the functioning of critical infrastructures.

ISO 14001 standard covers the design, implementation and improvement of Environmental Management Systems (EMS). We use the framework to measure and improve the way resources are used and disposed of by our data centers in the United Kingdom. Greater resource efficiency and waste management help to sustainably protect the environment.

With the implementation and improvement of the Energy Management System (EnMS) according to the ISO 50001 standard, the planning and operation of energy supply systems as well as the conservation of resources and the associated cost reduction in energy use are considered. Our focus is to continuously monitor system efficiency - identifying opportunities for improvement and optimizing the efficiency of existing facilities and systems.

The European-standard EN 50600 uses a holistic approach to provide comprehensive specifications for the planning, construction and operation of a data center. It defines requirements for the planning of building construction, power supply, air conditioning, cabling, security systems, and specifies criteria for the operation of data centers.

We operate an internal control system (ICS) to ensure the quality of the services provided to our clients. The effectiveness of the ICS is audited annually by independent auditors for our data centers within the scope according to the International Standard on Assurance Engagements Assurance Reports on Controls at a Service Organization (ISAE 3402 Type II).

For our Zurich 1 Data Center, we provide a report on the description of the internal control system for adherence to the FINMA Circular 2018/3 requirements regarding the dealing with outsourcing risks (applicable to outsourcing solutions at banks, securities dealers, and insurance companies) and the suitability of the design of controls to support the adherence to the principles specified in the FINMA Circulars.

BREAM UK certification for our London 1 Data Center (Building A) demonstrates our commitment to greater efficiency in energy, lighting and water use, as well as the utilization of recycled and reused materials. Our facility design process focuses on achieving a model of energy and material efficiency through numerous design innovations and green construction techniques. 

India certifications

ISO 9001 is the international standard that specifies the requirements on Quality Management Systems (QMS) that help regulate, maintain and control the quality of our services at all our data centers. It ensures consistency to meet customer and regulatory requirements.

The requirements for Information Security Management Systems (ISMS) are based on the ISO 27001 standard and supports us to keep information assets secure. ISMS consists of a framework of policies, procedures and security controls that protect the confidentiality, availability, and integrity of assets from threats and vulnerabilities.

Ensures fulfilment of clients' needs by providing cost-effective, reliable and consistent IT services.

Business continuity system to ensure business recovery from disruptive incidents.

Our dedication to strict physical access controls and network security gives our clients peace of mind that we proactively safeguard their consumer information. Payment Card Industry Data Security Standard (PCI DSS) is a vital industry standard for the protection of sensitive cardholder data, and as a data center service provider, we meet the applicable PCI DSS requirements at all of our data centers.

SOC reports help service organizations that provide services to other businesses build trust and confidence in the service performed. SOC1 is an assessment of the internal control of the trustee company in relation to the financial reporting of the trustee company; SOC2 is an assessment of the internal control of the trustee company in the trustee business areas such as security, confidentiality, solubility, privacy, and integrity of processing (international standards are ISAE3402 for SOC1, ISAE3000 for SOC2, and SSAE18 for the United States).

Design standards for data centers are established by the TIA. The Rated 3 is required to have redundancy which does not affect the IT crisis at the time of facility maintenance or failure.