Compliance

Rigorous compliance standards for operations, reliability, and security.

As a global leader in retail colocation, Cyxtera provides a trusted data center platform that meets the industry’s high bar for data resiliency and security. Cyxtera has implemented a comprehensive compliance program that enables more than 2300 organizations to host their sensitive data and critical applications across our global footprint.

Our program reduces data center risk with comprehensive support for industry standards, including SOC 1, SOC 2, PCI DSS, ISO 27001, ABS OSPAR, and NIST 800-53 PE High.

Compliance Portfolio

ISO 27001

ISO 27001 is a globally recognized security standard that ensures the establishment of an Information Security Management System (ISMS) within an organization to oversee the effective implementation of a comprehensive set of security controls and best practices.

Cyxtera's global portfolio of data centers is ISO 27001 certified to support optimal delivery of services while minimizing risk to customer data. The certificate is available for distribution to customers upon request.

SOC 1

System and Organization Controls (SOC) 1 is an American Institute of Certified Public Accountants (AICPA) report used to document controls relevant to an organization’s Internal Controls over Financial Reporting (ICFR). The report focuses on the services an organization provides, along with the supporting processes, policies, procedures, personnel, and operational activities that constitute the core activities relevant to users. The auditing standards for a SOC 1 report include SSAE 18 and ISAE 3402.

Cyxtera obtains a SOC 1 report (combined SSAE 18/ISAE 3402) for colocation across all facilities worldwide on an annual basis. The report is available for distribution to customers upon request.

SOC 2

System and Organization Controls (SOC) 2 is an American Institute of Certified Public Accountants (AICPA) report used to document controls relevant to the Trust Services Criteria. The Trust Services Criteria are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users’ data, and to the confidentiality and privacy of the information processed by these systems.

Cyxtera obtains a SOC 2 report for Security and Availability Trust Criteria for all facilities worldwide on an annual basis. The report is available for distribution to customers upon request.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that applies to all providers that store, process or transmit cardholder data (CHD). Cyxtera obtains an independent Attestation of Compliance for all controls that apply to the colocation services across all facilities worldwide on an annual basis.

A Report on Compliance Letter and Attestation of Compliance are available for distribution to customers upon request. Cyxtera's compliance status can also be found on Visa's Global Registry of Service Providers.

NIST 800-53 PE High

NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security.

Cyxtera's United States data centers are independently audited on an annual basis by a 3PAO against NIST 800-53 Physical Environment controls at the high-risk control level. An attestation letter from Cyxtera's 3PAO is available for distribution to customers upon request.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is governed by the Department of Health and Human Services' (HHS) Office of Civil Rights, which sets the national security standards for safeguarding Protected Health Information (PHI) and electronic (e-PII).

Cyxtera colocation facilities require third parties to enter into a Business Associate Agreement across all facilities worldwide prior to performing services.

ABS OSPAR

The Association of Banks in Singapore (ABS) has established guidelines on control objectives and procedures for Outsourced Service Providers (OSPs) operating in Singapore that are used by Financial Institutions (FIs) in Singapore. OSP Audit Reports (OSPARs) apply SSAE 3000/ISAE 3000 and ISAE 3402/SSAE 3402 or SOC 2 standards for the report. ABS guidelines dictate that OSPs must use the OSPAR format, regardless of whether the OSP also obtains a SOC 2 report.

Cyxtera obtains an annual OSPAR report for its owned and managed data centers in Singapore. The report is available for distribution to FI customers upon request.

MAS TVRA

A Threat and Vulnerability Risk Assessment (TVRA) is a set of requirements to assess the physical and environmental security of an organization's data center. TVRA requirements are issued by the Monetary Authority of Singapore (MAS) for all Singapore-based Financial Institutions (FIs). An OSP TVRA is mandated as a control in the OSPAR; however, MAS requires FIs to perform a TVRA for their OSPs.

Cyxtera obtains a TVRA report for its data center facilities in Singapore every three years. Reports are not provided to customers.
