Compliant Data Center

PCI, HIPAA, and NIST/FISMA regulations require businesses to safeguard, track, and control access to sensitive information. All of these mandates feature complex and time-consuming demands. As a business owner, it’s important to know that some of these requirements focus specifically on the physical aspects of where your IT infrastructure is located and how well access to this information is controlled.

Whether you’re currently looking for a data center or are already using one, it’s of paramount importance that the data center you use truly understands the various compliance standards, has all of the certifications in place, and features 24/7 security. While most data centers claim they’re compliant with these mandates, many only meet a small portion of these regulations. However, DataSite’s three colocation facilities in Orlando, Atlanta, and Boise meet the stringent physical security requirements for HIPAA, PCI, and NIST/FISMA and perform an annual SSAE 16 Type II audit to ensure compliance around the clock.

Different Compliance Types

HIPAA
Entities that deal with protected health information (PHI) must be in compliance with HIPAA, or the Health Insurance Portability and Accountability Act. Such entities include medical service providers, health plans, healthcare clearinghouses, and health insurers. Covered entities found in breach of HIPAA face stiff fines as well as criminal and civil penalties, as HIPAA is a federal law.

PCI
Merchants that accept credit and debit card payments are regulated by PCI DSS, or Payment Card Industry Data Security Standard, to ensure their customers’ personal information is safe and secure. While there are no civil or criminal charges associated with non-compliance, a PCI breach can cost a business a great deal of money and could also result in the loss of card processing privileges. Part of these standards pertains to the physical aspects of where a company’s IT infrastructure is housed and how access to that information is controlled on that hardware.

As experts on the topic of PCI compliance, Rackmount Solutions provides top-of-the-line server racks and cabinets designed for IT/network professionals. These enclosures are widely used in data centers with a large portion of them being PCI compliant, as they feature keyed security covers, panels, and doors to keep any threats at bay. Rackmount Solutions offers dozens of options for server security to help ensure that each customer gets the best fit for their space while remaining PCI compliant.

NIST/FISMA
The Federal Information Security Management Act is a law meant to bolster computer and network security within the federal government and affiliated parties, such as contractors that exchange data with federal information systems. The National Institute of Standards and Technology (NIST) is responsible for developing and issuing standards that federal agencies must follow to implement FISMA. If a federal agency fails to comply with FISMA, it may be sanctioned by a budget cut. Non-compliance by a contractor may result in the contractor being prohibited from bidding on future federal contracts.

SSAE16 Type II Audit
A data center in compliance with Statement on Standards for Attestation Engagements No. 16 (SSAE16) Type II has successfully completed a thorough independent audit that proves its critical data and infrastructure are in a facility that utilizes stringent internal business processes and IT controls for the services it provides.

To ensure our clients’ sensitive information and equipment are protected, DataSite makes use of around-the-clock security guards, extensive video surveillance, keycard access, and biometrics at entrances. It also carries out routine vehicle stops and conducts equipment checks. We are focused on providing a secure physical location that adheres to the requirements and guidelines set out for industries with added levels of security regulations, including healthcare, credit card financial services, and government entities.