Compliance
Built to perform. Made to comply.
DWTI data centers for government workloads were designed and built to meet the strictest standards of the U.S. government.
We’ve employed the security and privacy controls defined by NIST SP 800-53, and all DWTI data centers for government use meet FedRAMP and FISMA compliance standards and are audited regularly in our SOC 2, Type II reports.
DWTI helps customers seeking HIPAA and PCI-DSS compliance by providing and meeting the necessary infrastructure-related controls for those certifications.
These physical and network controls are enhanced with additional security features, including hardware and software firewalls, multi-factor authentication, vulnerability scans, anti-virus and anti-spyware protection, host-based intrusion detection, virtual private networks (IPsec and SSL VPN), and SSL certificates.
FedRAMP
FedRAMP (the Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services.
FedRAMP authorizes cloud systems with a three-step process that includes security assessment, leveraging and authorization, and ongoing assessment and authorization.
All DWTI data centers are built to FedRAMP standards.
Data centers reserved for government workloads have FedRAMP certification pending.
FISMA
The Federal Information Security Management Act of 2002 (FISMA) was created to ensure the security of data in the federal government.
The act requires program officials and agency heads to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely, and efficient manner.
All DWTI data centers are built to FISMA standards.
Data centers reserved for government workloads have FISMA certification pending.
SOC Reports
DWTI provides SOC 1, SOC 2, and SOC 3 reports. These reports evaluate DWTI’s operational controls with respect to criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles.
The Trust Services Principles define adequate control systems and establish industry standards for service providers such as DWTI to safeguard their customers’ data and information.
Customers may download the current DWTI SOC 1 and SOC 2 reports from the customer portal or contact our sales team.
Our SOC 3 report is available for general use and can be accessed here: DWTI SOC 3 Report.
Safe Harbor
Safe Harbor is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the Safe Harbor assures EU organizations that your company provides “adequate” privacy protection, as defined by the Directive.
Cloud Security Alliance – STAR Registrant
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing.
One of the mechanisms the Cloud Security Alliance uses in pursuit of its mission is the Security, Trust, and Assurance Registry (STAR)—a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
PCI Compliance
If you store or process credit card data, then PCI Compliance and network security are of primary concern to your business.
To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards.
These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA).
We help our customers supplement their internal security controls to meet PCI compliance by assisting with third-party auditor security walkthroughs and providing proof of physical and environmental controls while maintaining strict information security policies.
HIPAA Compliance
The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online.
The DWTI cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side.
For more information about, and assistance with, achieving, certifying, and maintaining HIPAA compliance for your DWTI environment, please contact our sales team.