CoreSite Successfully Completes Annual Compliance Examinations
CoreSite Realty Corporation (NYSE:COR) (the “Company”), a premier provider of secure, reliable, high-uptime data center campuses with high-performance cloud access and interconnection solutions in major U.S. metropolitan areas, today announced it has successfully completed its annual compliance examinations for the colocation services offered across 22 operating multi-tenant data centers in its portfolio.
The completion of these annual examinations positions CoreSite to provide its customers a consistent and comprehensive solution to compliance standards as part of its overall customer value proposition. This also demonstrates CoreSite’s ongoing commitment to operational excellence and customer experience, enabling its customers to meet industry standard compliance requirements.
In addition to enterprise-class colocation infrastructure, CoreSite provides controls over physical access and environmental systems that house its customers’ critical data systems and hardware.
Annual Examinations
CoreSite successfully completed the following annual examinations:
- System and Organization Controls (SOC) 1 Type 2 examination
- SOC 2 Type 2 examination
- International Organization for Standardization certification for Information Security Management Systems (ISO 27001)
- National Institute of Standards and Technology Publication Series 800-53 (NIST 800-53) attestation based on the high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements for a subset of control families applicable to colocation services
- Payment Card Industry Data Security Standard (PCI DSS) validation
- Health Insurance Portability and Accountability Act (HIPAA) attestation for the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification requirements
SOC 1 Type 2 and SOC 2 Type 2
The SOC 1 and SOC 2 examinations are attestation standards issued by the American Institute of Certified Public Accountants (AICPA), and both reports have been issued under the AICPA’s Statement on Standards for Attestation Engagements (SSAE) No. 18, and equivalent international standards. SOC 2 is measured using a standardized set of criteria set forth in TSP section 100, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria); whereas, SOC 1 is measured against company-defined control objectives and underlying controls. The examinations provide CoreSite customers with the assurance of corporate controls, including controls relating to physical and environmental security, customer support, and operational excellence, and the SOC 2 included the security and availability categories as defined by the AICPA Trust Services Criteria. Companies with compliance requirements may require SOC 1 or SOC 2 examination reports, including publicly traded enterprises, financial firms, and healthcare organizations. The scope of these compliance assessments is limited to the physical and environmental security controls supporting the colocation services offering. CoreSite’s Any2Exchange and Open Cloud Exchange service offerings are included within the scope of the SOC 2 examination.
