The Mystery of Data Center Regulations
When it comes to data centers, the words regulations and compliance are sure to follow in every conversation. Did you know that according to a recent independent survey conducted by the Ponemon Institute and Tripwire, Inc., the average cost of compliance was estimated to be around $3.5 million a year, while the cost of non-compliance was slated to be around $9.4 million? In other words, non-compliance cost was 2.65 times the cost of compliance for the 46 organizations that participated in the survey.
Some of the most difficult data center regulations to adhere to are the PCI DSS (Payment Card Industry Data Security Standard), various state privacy and data protection laws, and the much-dreaded SSAE 16 attestation for data centers serving the financial sector. Note that SSAE 16 is an auditing standard, not a certification: the deliverable is an auditor's report on the controls the data center claims to operate, which is why it demands so much documentation and evidence up front.
The Statement on Standards for Attestation Engagements (SSAE) No. 16 replaces the Statement on Auditing Standards No. 70 (SAS 70) for reporting on controls at service organizations, and is the basis for the SOC 1 report in the Service Organization Control (SOC) reporting framework, which comprises the SOC 1, SOC 2 and SOC 3 reports. SOC 1 reports cover the controls at a service organization that are relevant to its customers' internal control over financial reporting (ICFR). SOC 2 and SOC 3 reports (issued under AT Section 101 rather than SSAE 16) cover a service organization's controls against the Trust Services Principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy; SOC 2 is a detailed, restricted-use report, while SOC 3 is a summary suitable for general distribution.
Another compliance regime that must be adhered to is the Health Insurance Portability and Accountability Act (HIPAA), whose Privacy and Security Rules govern the health care industry. The Health Information Technology for Economic and Clinical Health (HITECH) Act extended those obligations directly to business associates, so it also applies to data centers that store or transmit electronic protected health information (ePHI) on behalf of covered entities, along with HITECH's breach notification requirements.
With so many controls and reports to put in place for the data center, it is better to be safe than sorry and engage professional data center compliance advisors and consultants. Lifeline Data Centers, headquartered in Indianapolis, has an excellent track record of meeting and exceeding regulatory compliance requirements, and can help in setting up and running a compliant data center in the most cost-efficient way.