Switch data centers maintain stringent standards and controls around operations, security, availability, and reliability. We have a comprehensive set of compliance certifications and attestations which reflects our commitment to support the highest standards for controls, data security, and privacy.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule. Additional details can be found at https://www.cdc.gov/phlp/publications/topic/hipaa.html.

HITRUST CSF

The HITRUST CSF is a certifiable framework that provides organizations globally a comprehensive, flexible, and efficient approach to regulatory/standards compliance and risk management. HITRUST uses a risk-based approach/framework that focuses on the security, privacy, availability and integrity of sensitive information such as Protected Health Information (PHI) and Personally Identifiable Information (PII). Additional details can be found at https://hitrustalliance.net/product-tool/hitrust-csf/.

ISO 14001

The International Organization for Standardization 14001 Standard (ISO 14001) is a globally recognized environmental management system standard for controlling environmental impacts related to our activities and sustainability. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits). Additional details can be found at https://www.iso.org/iso-14001-environmental-management.html.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is a globally recognized information security standard that helps ensure data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits). Additional details can be found at https://www.iso.org/standard/iso-iec-27000-family.

ISO 50001

The International Organization for Standardization 50001 Standard (ISO 50001) is a globally recognized Energy Management System standard that helps ensure the conformity and effectiveness of our energy management system. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits). Additional details can be found at https://www.iso.org/iso-50001-energy-management.html.

MPA

The Motion Picture Association (MPA) provides content protection best practices and control frameworks to help major studio partners and vendors design infrastructure and solutions to ensure the security of digital film/assets. Additional details can be found at https://www.motionpictures.org/what-we-do/safeguarding-creativity/additional-resources/#content-protection-best-practices.

NIST SP 800-53

The National Institute of Standards and Technology (NIST) Special Publication 800-53 is a cybersecurity standard and compliance framework providing a catalog of security and privacy controls for information systems and organizations. This framework also helps organizations meet requirements which are set forth by the Federal Information Security Management Act (FISMA). Additional details can be found at https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. A PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Additional information can be found at https://www.pcisecuritystandards.org.

SOC 1 TYPE 2

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments, and are primarily concerned with examining controls that are relevant for financial reporting/systems. Additional details can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc1report.html.

SOC 2 TYPE 2

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments, and are primarily concerned with controls around security, availability, integrity, confidentiality, and privacy. Additional details can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html.

SOC 3

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments, and are primarily concerned with controls around security, availability, integrity, confidentiality, and privacy (same as SOC 2). Additional details can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html.

Customers can formally request Switch attestation and compliance reports. Please reach out directly to [email protected] for assistance.