Data Centre Compliance More Critical Than Ever
As your data universe continues to expand, data maintenance, storage, accessibility, and transmission are increasingly critical to operating your business. This makes finding the right data centre provider more important than ever: one who can meet a variety of compliance and security standards.
Digital Realty has implemented strict requirements to meet industry standards, enabling more than 2300 organisations to host their data and critical applications in compliant data centres globally. Our state-of-the-art data centre facilities use leading technologies and security safeguards, and are fully redundant to ensure maximum security and availability.
Digital Realty has developed a comprehensive compliance programme that addresses the needs and requirements of its customers. It includes standards and requirements that are most relevant to the services Digital Realty provides for in-scope properties.
Service Organisation Controls 2 (SOC 2)
Report on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
This report meets the requirements of a broad range of users to understand internal controls at a service organisation as they relate to security, availability, processing integrity, confidentiality and privacy. This report is developed according to the AICPA Guide: Reporting on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organisation who have a thorough understanding of the service organisation and its internal controls.
Stakeholders can leverage this report for:
- Oversight of the organisation
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Digital Realty provides the SOC 2 report for the Security and Availability Principles for its owned and managed U.S. properties, and internationally as required.
The SOC 2 controls are based on a standard set of security criteria developed and issued by the AICPA in the Trust Services Principles and Criteria. The term "Trust Services" is defined as a set of professional attestation and advisory services based on a core set of principles and criteria addressing the risks and opportunities of IT-enabled systems and privacy programs.
Digital Realty demonstrates compliance with the Trust Services Principles of Security and Availability by conducting a SOC 2 examination. The Security Principle states that the system is protected against unauthorized access (both physical and logical), while the Availability Principle demonstrates that the system is available for operation and use as committed to or agreed upon.
PCI-DSS: The Payment Card Industry Data Security Standards
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organisations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.
Digital Realty obtains an annual Report on Compliance for parts of Requirements 9 and 12 for its owned and managed U.S. properties and internationally as required. Attestation on Compliance is available for distribution to customers upon request.
FISMA NIST SP 800-53
Security and Privacy Controls for Federal Information Systems and Organisations
Special Publication 800-53 provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.
Digital Realty’s SOC 2 reports contain mapping to the NIST SP 800-53 moderate controls, showing how these controls are addressed in the SOC 2 report.
The Monetary Authority of Singapore Act
The Monetary Authority of Singapore Act establishes a corporation to be known as the Monetary Authority of Singapore. It provides for the exercise of control over and the resolution of financial institutions and their related entities by the Monetary Authority of Singapore and other authorities, and establishes a framework for the issue of securities by the Monetary Authority of Singapore and the regulation of primary dealers.
MAS expects financial institutions to perform a Threat Vulnerability Risk Assessment (TVRA) on data centres in both Singapore and overseas, as long as the latter supports the financial institution's Singapore operations.
Digital Realty undertook a TVRA study for its data centre facilities in Singapore.
International Organisation for Standardisation (ISO)
The ISO, the world's largest developer of voluntary International Standards, provides state-of-the-art specifications for products, services and good practices, helping make industry more efficient and more effective. Developed through global consensus, ISO standards help break down barriers to international trade.
Digital Realty obtains ISO certifications for all international owned and managed properties, and will continue to add U.S. properties over time.
The Integrated Management System (IMS) assists with standardizing operations and reducing risk. It is an integral part of Digital Realty's business model. Digital Realty's Integrated Management System (IMS) includes the following standards under which our in-scope properties are certified:
- Optimizing operation efficiencies and reducing expenditures for greater cost savings
- Enhancing customer satisfaction
- Identifying and encouraging more efficient, time saving processes
- Highlighting deficiencies
- Increasing standardization across the global portfolio
- Providing for continuous assessment and improvement
- Including provisions for business continuity
Information Security Management
- Giving customers and stakeholders confidence in how risk is managed
- Allowing for secure exchange of information
- Helping with compliance with other standards (SOX)
- Minimizing exposure to risk
- Creating consistency in service delivery
- Reducing energy costs
- Ensuring legislative awareness and compliance
- Improving environmental impact of equipment
- Protecting companies’ and customers’ assets
- Decreasing insurance premiums
- Reducing emissions and carbon footprint
- Reducing carbon footprint
- Increasing energy cost savings
- Increasing knowledge of equipment efficiencies
- Improving operational efficiencies and maintenance processes
- Reducing costs to customers
- Improving corporate image
ISO 50001 Compliance is core to our value proposition
Digital Realty is committed to supporting its customers in their journey towards a Low Carbon Economy, the environmental benefit that this delivers, and the corresponding reduction in operational costs.
Our goal in this effort is to demonstrate a level of expertise and commitment to client success unmatched by competitors, expanding our already-comprehensive compliance programme to encompass other regulatory standards most applicable to our enterprise-level and colocation data centre clients.
Digital Realty integrates security into the value proposition of all its data centre properties. By laying a strong process foundation with relevant controls; placing a premium on our people, matching their skills and training to client needs; and guaranteeing transparency and service-level commitments through unmatched compliance efforts, Digital Realty ensures that its clients can rely on its ability to provide a highly efficient, highly resilient mission-critical environment to meet their most stringent requirements.
After baselining current performance, and following dialogue with customers, Digital Realty will deliver on the core ISO principle of continual improvement by targeting:
- Opportunities to reduce energy demand through improved housekeeping measures.
- Low-cost investment and evaluation of the benefit of funding higher value projects.
In addition, the programme can incorporate additional training and stakeholder awareness, as well as contribute to the design and construction activities of new Digital Realty facilities.
ISO 50001 certification is also a direct route to ESOS (Energy Savings Opportunities Scheme) compliance, and as such, Digital Realty customers will enjoy exemption from this scheme for infrastructure deployed in a Digital Realty facility in the U.K.