Data Centre Compliance More Critical Than Ever

As your data universe continues to expand, data maintenance, storage, accessibility, and transmission are increasingly critical to operating your business. This makes finding the right data centre provider more important than ever-one who can meet a variety of compliance and security standards.

Digital Realty has implemented strict requirements to meet industry standards, enabling more than 2300 organisations host their data and critical applications in compliant data centres globally. Our state-of-the-art data centre facilities use leading technologies and security safeguards, and are fully-redundant to ensure maximum security and availability.

Digital Realty has developed a comprehensive compliance program that addresses the needs and requirements of its customers. It includes standards and requirements that are most relevant to the services Digital Realty provides for in-scope properties.

Service Organisation Controls 2 (SOC 2)

Report on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

This report meets the requirements of a broad range of users to understand internal controls at a service organisation as they relate to security, availability, processing integrity, confidentiality and privacy. This report is developed according to the AICPA Guide: Reporting on Controls at a Service Organisations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organisation who have a thorough understanding of the service organisation and its internal controls.

Stakeholders can leverage this report for:

  • Oversight of the organisation
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Digital Realty provides the SOC 2 report for the Security and Availability Principles for its owned and managed U.S. properties, and internationally as required.

The SOC 2 controls are based on a standard set of security criteria developed and issued by the AICPA in the Trust Services Principles and Criteria. The term "Trust Services" is defined as a set of professional attestation and advisory services based on a core set of principles and criteria addressing the risks and opportunities of IT-enabled systems and privacy programs.

Digital Realty demonstrates compliance with the Trust Services Principles of Security and Availability, by conducting a SOC 2 examination. The Security Principle states that the system is protected against unauthorized access (both physical and logical) while the Availability Principle demonstrates that the system is available for operation and use as committed to or agreed upon.

PCI-DSS: The Payment Card Industry Data Security Standards

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organisations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.

Digital Realty obtains an annual Report on Compliance for parts of Requirement 9 and 12 for its owned and managed U.S. properties and internationally as required. Attestation on Compliance is available for distribution to customers upon request.

FISMA NIST SP 800-53

Security and Privacy Controls for Federal Information Systems and Organisations Special Publication 800-53 provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.

Digital Realty’s SOC 2 reports contain mapping to the NIST SP 800-53 moderate controls, showing how these controls are addressed in the SOC 2 report.

The Monetary Authority of Singapore Act

The Monetary Authority of Singapore Act establishes a corporation to be known as the Monetary Authority of Singapore. It provides for the exercise of control over and the resolution of financial institutions and their related entities by the Monetary Authority of Singapore and other authorities, and establishes a framework for the issue of securities by the Monetary Authority of Singapore and the regulation of primary dealers.

MAS expects financial institutions to perform a Threat Vulnerability Risk Assessment (TVRA) on data centres in both Singapore and overseas, as long as the latter supports the financial institution's Singapore operations.

Digital Realty undertook a TVRA study for its data centre facilities in Singapore.

International Organisation for Standardisation (ISO)

The ISO, world's largest developer of voluntary International Standards, provides state of the art specifications for products, services and good practices, helping make industry more efficient and more effective. Developed through global consensus, ISO standards help break down barriers to international trade.

Digital Realty obtains ISO certifications for all international owned and managed properties, and will continue to add U.S. properties over time.

The Integrated Management System (IMS) assists with standardizing operations and reducing risk. It is an integral part of Digital Realty's business model. Digital Realty's Integrated Management System (IMS) includes the following standards under which our in scope properties are certified:

Quality Management

ISO 9001

  • Optimizing operation efficiencies and reduces expenditures for greater cost savings
  • Enhancing customer satisfaction
  • Identifying and encouraging more efficient, time saving processes
  • Highlighting deficiencies
  • Increasing standardization across the global portfolio
  • Providing for continuous assessment and improvement
  • Including provisions for business continuity

Information Security Management

ISO 27001

  • Giving customers and stakeholders confidence in how risk is managed
  • Allowing for secure exchange of information
  • Helping with compliance with other standards (SOX)
  • Minimizing exposure to risk
  • Creating consistency in service delivery

Environmental Management

ISO 14001

  • Reducing energy costs
  • Ensuring legislative awareness and compliance
  • Improving environmental impact of equipment
  • Protecting companies’ and customers’ assets
  • Decreasing insurance premiums
  • Reducing emissions and carbon foot print

Energy Management

ISO 50001

  • Reducing carbon foot print
  • Increasing energy cost savings
  • Increasing knowledge of equipment efficiencies
  • Improving operational efficiencies and maintenance processes
  • Reducing costs to customers
  • Improving corporate image

View Sustainability Certifications

Review the certifications, ratings, and awards of our sustainable properties throughout the world.

Certifications
Contact Us