Keeping Our Promises: An Update on Equinix Certifications

Doug Ventura

leed-certification

At Equinix, we make a lot of important promises to our customers, but few are as significant as our promises to protect their IT and data and do all we can to keep it safe and compliant with global operational, environmental and financial regulations. Our commitment to these promises is continuous and – critically – independently verified.

Equinix works with several regulatory and assessment bodies to win, maintain and update certifications. As our Chief Global Operations Officer Sam Kapoor said, “Equinix is committed to maintaining the highest levels of excellence for our customers. That means ensuring our data centers meet the needs of global businesses and reflect the latest in standards and compliance.”

Indeed, the list of certifications Equinix has obtained or maintained over the last year is long, and it’s easy to get lost in the lengthy acronyms. I’ve chosen here to focus on what I call “The Big Four,” which are some of the most widely sought after and important certifications. Below is a brief description of each, and a 2015-2016 update. (It’s important to note that these certifications are in force with Equinix in any region they are required. The updates list only regions where certification renewal was required in 2015-2016.)

SSAE16 SOC/ISAE 3402 SOC1 Type 2

SOC stands for Service Organization Controls, which are accounting standards that measure the control of financial information for service organizations, like Equinix, which provide services for users which are likely to be relevant to their internal controls over financial reporting. An example of such a user would be a stock exchange in one of Equinix’s financial services ecosystems.

SOC examinations can only be performed by an independent CPA firm. This particular type of certification shows that we are up to date with international service organization reporting standards. The SSAE16 SOC/ISAE 3402 SOC1 Type 2 audit also minimizes the need for multiple sets of auditors to separately examine the same set of controls that govern a third party’s services.

2015/2016 UPDATE:

Americas – IBXs renewed

EMEA – IBXs renewed

Asia-Pacific – IBXs renewed

SOC2 Type 2

The SOC2 compliance is designed for the increasing number of service organizations that are involved in technology or cloud computing. This certification attests to the security, availability or processing integrity of a service organization’s system. It also verifies the confidentiality or privacy of the information processed for the service organization’s users.

2015/2016 UPDATE:

North America – IBXs renewed

ISO 27001:2013

ISO (International Organization for Standardization) 27001 is the most widely accepted certification for verifying information security, physical security and business continuity at our IBXs. It ensures risks and threats to the business are assessed and managed, physical security processes (e.g. restricted access policies) are consistently enforced, that security tests are conducted routinely, and that there is regular closed circuit television monitoring.

2015/2016 UPDATE:

South America – IBXs renewed

EMEA – IBXs updated to the 27001:2013 standard

Asia-Pacific – IBXs renewed

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) focuses on the safe handling of sensitive information by organizations that handle the major credit cards. It’s designed specifically to help organizations proactively protect customer account data and prevent credit card fraud. At Equinix, we don’t have access to customer data, so this certification applies strictly to verifying physical security access to the equipment of customers, some of whom deal with the major players in the payment card industry. This confirms the efficacy of our management system and our physical access safeguards and procedures.

2015/2016 UPDATE:

Americas – New certifications, four (4) North American IBXs; South American IBXs renewed

EMEA – IBXs renewed

Asia-Pacific – New certifications, nine (9) IBXs

Learn more about Equinix IBX standards and compliance.

Doug Ventura
Doug Ventura Director of Product Management - Americas