CoreSite Successfully Completes Annual Compliance Examinations
-- Demonstrates ongoing Commitment to Operational Excellence and Customer Experience, Enabling Customers to meet Industry Standard Compliance Requirements --
The completion of these annual examinations uniquely positions CoreSite to provide its customers a consistent and comprehensive solution to compliance standards as part of its overall customer value proposition. This also demonstrates CoreSite’s ongoing commitment to operational excellence and customer experience, enabling its customers to meet industry standard compliance requirements.
In addition to enterprise-class colocation infrastructure, CoreSite provides controls over physical access and environmental systems that house its customers’ critical data systems and hardware.
CoreSite successfully completed the following annual examinations:
- System and Organization Controls (SOC) 1 Type 2 examination
- SOC 2 Type 2 examination
International Organization for Standardizationcertification for Information Security Management Systems (ISO 27001)
- Payment Card Industry Data Security Standard (PCI DSS) validation
Health Insurance Portability and Accountability Act (HIPAA) attestation for the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (
HITECH) Breach Notification requirements National Institute of Standards and Technology Publication Series800-53 (NIST 800-53) attestation based on the high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements for a subset of control families applicable to colocation services
SOC 1 Type 2 and SOC 2 Type 2
The SOC 1 and SOC 2 examinations are attestation standards issued by the
ISO 27001 is an internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization. The ISO 27001 certification, one of the most stringent certifications for information security controls, confirms that specified information security controls and other forms of risk treatment are in place to detect and defend against potential information security threats and vulnerabilities. The certification also ensures that the information security controls continue to meet physical security needs on an ongoing basis. The scope of the ISO 27001 certification is applicable to the information security management system (ISMS) supporting CoreSite’s provision and operation of 24x7 colocation services for its customers, and covers both its corporate policies and procedures as well as those of its operating data centers.
The PCI DSS is a broad set of standards that require merchants and service providers that maintain or host systems that store, process, or transmit customer payment card data to adhere to strict security controls and processes. As a provider of data center colocation services, CoreSite has proactively met the relevant requirements for its business in support of the PCI compliance needs of its customers. The most recent PCI DSS attestation of compliance (AOC) and report on compliance (ROC) have been issued under version 3.2.1.
HIPAA requires that covered entities and business associates take strong measures to protect the privacy and security of protected health information. By attaining an attestation against the HIPAA Security Standards for the Protection of Electronic Protected Health Information (“HIPAA Security Rule”) and the Notification in the Case of Breach of Unsecured Protected Health Information enacted as part of the American Recovery and Reinvestment Act of 2009 (“HITECH Breach Notification Requirements”), CoreSite provides assurance to healthcare industry stakeholders that its data center colocation services meet the HIPAA Security Rule and HITECH Breach Notification requirements necessary to protect a covered entity’s physically hosted information systems in CoreSite’s national platform of multi-tenant data centers.
New in 2019, CoreSite successfully implemented the NIST 800-53 high-impact baseline controls, including additional FedRAMP requirements, for a subset of control families applicable to colocation services. The utilization of the high-impact baseline controls for NIST 800-53 reflects CoreSite’s commitment to successfully delivering the most rigorous compliance standards to support our customers’ Federal Information Security Management Act (FISMA) and FedRAMP compliance efforts. NIST 800-53 is a publication that recommends security controls for federal information systems and organizations. NIST 800-53 is published by the
Examinations and Assessments
All of the above examinations and assessments were conducted by
This press release may contain forward-looking statements within the meaning of the federal securities laws. Forward-looking statements relate to expectations, beliefs, projections, future plans and strategies, anticipated events or trends and similar expressions concerning matters that are not historical facts. In some cases, you can identify forward-looking statements by the use of forward-looking terminology such as “believes,” “expects,” “may,” “will,” “should,” “seeks,” “approximately,” “intends,” “plans,” “pro forma,” “estimates” or “anticipates” or the negative of these words and phrases or similar words or phrases that are predictions of or indicate future events or trends and that do not relate solely to historical matters. Forward-looking statements involve known and unknown risks, uncertainties, assumptions and contingencies, many of which are beyond CoreSite’s control that may cause actual results to differ significantly from those expressed in any forward-looking statement. These risks include, without limitation: the geographic concentration of the Company’s data centers in certain markets and any adverse developments in local economic conditions or the amount of supply of or demand for data center space in these markets; fluctuations in interest rates and increased operating costs; difficulties in identifying properties to acquire and completing acquisitions; significant industry competition, including indirect competition from cloud service providers; failure to obtain necessary outside financing; the ability to service existing debt; the failure to qualify or maintain its status as a REIT; financial market fluctuations; changes in real estate and zoning laws and increases in real property tax rates; and other factors affecting the real estate industry generally. All forward-looking statements reflect the Company’s good faith beliefs, assumptions and expectations, but they are not guarantees of future performance. Furthermore, the Company disclaims any obligation to publicly update or revise any forward-looking statement to reflect changes in underlying assumptions or factors, of new information, data or methods, future events or other changes. For a further discussion of these and other factors that could cause the Company’s future results to differ materially from any forward-looking statements, see the section entitled “Risk Factors” in its most recent annual report on Form 10-K, and other risks described in documents subsequently filed by the Company from time to time with the
Vice President Investor Relations and Corporate Communications