Ensure Best Practices with Data Center Compliance

When you handle sensitive data, you need a data center solution that meets the most rigorous compliance and security requirements.

Citadel data center solutions can include ISO/IEC 27001, PCI DSS, HIPAA/HITECH, FISMA-High, SSAE 18 (SOC 1 Type II), Type 2 AT 101/SOC 2, HITRUST, FFIEC, CSA STAR, Business Continuity and Disaster Recovery (BCDR).

Citadel data center partners use industry best practices and participates in regular third-party audits to ensure optimal data center performance.

Data Center Audits and Certification - Citadel Data Centers

Guide to Data Center Audits and Certifications

Below is your comprehensive guide to data center audits and reports.



Mandated by the U.S. Health and Human Services Dept., the Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information (PHI), or patient health data (medical records). When it comes to data centers, a hosting provider needs to meet HIPAA compliance to ensure sensitive patient information is protected.

A HIPAA audit conducted by an independent auditor against the OCR HIPAA Audit Protocol can provide a documented report to prove a data center operator has the proper policies and procedures in place to provide HIPPA solutions.


The Payment Card Industry Data Security Standard was created by the major credit card issuers and applies to companies that accept, store process and transmit credit cardholder data. Data center operators need a PCI compliant environment with an independent audit and many can help fulfill the 12 PCI requirements.


2011. A SSAE 16 audit measures the controls relevant to financial reporting.

  • Type 1 – A data center’s description and assertion of controls, as reported by the company.
  • Type 2Auditors test the accuracy of the controls and the implementation and effectiveness of controls over a specified period of time.

The first of three new Service Organization Controls report was developed by the AICPA and measures the controls of a data center as relevant to financial reporting. It is essentially the same as an SSAE 16 audit.


This report and audit is different from the SOC 1 report. SOC 2 measures controls specifically related to IT and data center service providers. The five controls are security, availability, processing integrity (ensuring system accuracy, completion, and authorization), confidentiality and privacy. There are two types:

  • Type 1 – A data center’s system and suitability of its design of controls, as reported by the company.
  • Type 2 – Includes everything in Type 1, with the addition of verification of an auditor’s opinion on the operating effectiveness of the controls.

The SOC 3 report includes the auditor’s opinion of SOC 2 components with an additional seal of approval to be used on websites and other documents. The report is less detailed and technical than a SOC 2 report.

© 2019 Citadel Data Centers. All rights reserved.

Click Me