Industry Audits, Controls and Security
Reliable and Secure Service Delivery
C7 undergoes rigorous audits and control procedures to ensure reliability and security of service delivery. Take comfort in that C7 has strict security policies and technology to ensure your data infrastructure is safe and secure.
- SSAE 16
- Scheduled maintenance and testing of power, cooling and networking systems
- Hourly facility walk through checks
- Training for data center technicians
- 2 factor, 5 layer authentication
- Custom security measures as required
- 24×7 on-site security
- Video cameras around buildings and throughout facilities
- Company approved access control list
- Data center access log
- Strict facility access protocols
- Background checks on employees
C7 Data Centers, Inc. understands the importance of ensuring the utmost transparency in internal controls and procedures. We want our customers to know they can trust C7 to provide data center facilities and services that meet the strictest control standards and industry best practices. To that end, C7 undergoes rigorous auditing of financial, security, and operational controls.
C7 completes an SSAE 16 SOC1 Type II audit, annually. The Statement on Standards for Attestation Engagements (SSAE) includes service auditor reports on the fairness of management’s description of the service organization’s system controls, design, and operating effectiveness over a one year period. C7’s most recent SSAE 16 covers the period between October 1, 2012 and September 30, 2013.
Payment Card Industry Data Security Standard (PCI DSS) helps control and minimize points of risk due to fraud or compromise of sensitive information. C7 adheres to PCI DSS physical security standards to protect customer servers, which may contain credit card data and other sensitive information. C7 received an Attestation of Compliance (AOC) and the accompanying Report on Compliance (ROC) for PCI DSS on May 12, 2014.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides federal protections for personal health information (PHI), and specifies administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of electronic protected health information (ePHI).
C7 adheres to physical security standards under HIPAA guidelines for the housing of customer servers containing sensitive data, which may contain hardcopy PHI or ePHI data. As of April 2014, C7 completed and submitted all conditions of compliance under HIPAA guidelines. Attestation of Compliance is expected no later than June 2014.
We are pleased to partner with such a high-caliber and well managed data center provider to offer our customers a state of the art data center facility that delivers high performance, availability, as well as excellent security and reliability.
View the HIPAA regulation text which requirements for C7 to be HIPAA compliant.
View the requirements and security assessment procedure for C7 to be PCI DSS compliant.