Secure Data Center Standards & Compliance
NTT America is committed to operating secure data centers that meet the strict standards and compliance needs of businesses today. We understand the importance security, integrity and availability play in supporting our customers’ mission-critical systems. NTT America works to ensure compliance with various security standards such as SSAE 16, ISAE 3402, PCI DSS and HIPAA/HITECH.
NTT America's status as a Microsoft Gold Certified Partner demonstrates our experience and service capabilities in hosting and application solutions delivery surrounding Microsoft's technology portfolio.
As a Microsoft Gold Certified Partner, we are able to provide end user customers and partners a high level of quality assurance and expertise in delivering Microsoft's latest technology solutions.
NTT America data centers are compliant with SSAE 16 (US) and ISAE 3402 (International) industry standards. This report is suited to our financial industry customers or our customers’ financial auditors.
These standards are governed by the AICPA and speak to critical aspects of our data centers — physical access, network and IP backbone access, system availability, customer provisioning and problem management. NTT America is regularly assessed and tested by Ernst & Young, giving you additional and independently verified assurance that your IT operations are secure with us.
Also governed by the AICPA and similar in scope to our SOC 1 Report, but intended to meet the needs of a broader range of customers, our SOC 2 Report helps our customers understand more about NTT America’s internal controls, especially those related to Security & Availability.
NTT Communications’ ISO 27001 certification of the global Enterprise Cloud and colocation products has been extended to include NTT America’s Sterling, VA and San Jose, CA sites. ISO 27001 is a globally recognized information security certification that validates the Information Security Management System of companies that have a strong system of internal controls and information security processes.
Payment Card Industry Data Security Standard v3.1 is a set of requirements designed to ensure that all organizations or merchants that process, store or transmit credit card information maintain a secure environment.
Because PCI is a shared responsibility, NTT America wants you to be able to focus on the areas that apply to your organization, knowing that NTT America’s Colocation environment has been assessed against the applicable PCI Requirements (9 & 12) and found to properly restrict physical access to cardholder data and maintain information security policies.
NTT America has successfully completed an independent examination of its data center Information Security Program for Colocation Services Related to HIPAA and HITECH.
The NTT America data center information security program adopts essential elements of the Health Insurance Portability and Accountability Act Security Rule of 2003 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009, including applicable components of administrative safeguards, physical safeguards, technical safeguards and breach notification requirements. HIPAA is the federal law that establishes standards for the privacy and security of electronic protected health information (ePHI) in the healthcare and health insurance industries as well as standards for electronic data interchange (EDI) of health information. The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of ePHI, including the prevention of unauthorized access to ePHI.
NTT America, Inc. complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.
On October 6, 2015, however, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the Safe Harbor Principles and related frequently asked questions issued by the US Department of Commerce.” In response to this decision, the Department of Commerce announced that it will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. NTTA intends to maintain its Safe Harbor Certification; please be advised, however, that due to the ECJ’s decision, you may no longer rely on NTTA’s Safe Harbor certification as the basis to lawfully transfer personal data from the EU to the U.S. Upon your request, and if legally required, NTTA will enter into European Commission (EC) Model Contract Clauses for processing your personal data. Please contact your account manager if you would like to enter into such an arrangement.
Annually, NTT America certifies that we adhere to the Safe Harbor Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. This policy applies to all personal information that NTT America handles, including contact information that is gathered before and during the provisioning of customer solutions and also during ongoing support of these solutions. To learn more about the Safe Harbor program, and to view NTT America’s certification, please visit http://www.export.gov/safeharbor/.