Secure Data Center Standards & Compliance
NTT America is committed to operating secure data centers that meet the strict standards and compliance needs of businesses today. We understand the importance security, integrity and availability play in supporting our customers’ mission critical systems. NTT America works to ensure compliance to various security standards such as SSAE 16, ISAE 3402, PCI DSS and HIPAA/HITECH.
NTT America's status as a Microsoft Gold Certified Partner demonstrates our experience and service capabilities in hosting and application solutions delivery surrounding Microsoft's technology portfolio.
As a Microsoft Gold Certified Partner, we are able to provide end user customers and partners a high-level of quality assurance and expertise in delivering Microsoft's latest technology solutions.
NTT America data centers are compliant to SSAE 16 (US) and ISAE 3402 (International) industry standards. This report is suited to our financial industry customers or our customers’ financial auditors.
These standards are governed by the AICPA and speak to critical aspects of our data centers — physical access, network and IP backbone access, system availability, customer provisioning and problem management. NTT America is regularly assessed and tested by Ernst & Young, giving you additional and independently verified assurance that your IT operations are secure with us.
Also governed by the AICPA and similar in scope to our SOC 1 Report, but intended to meet the needs of a broader range of customers, our SOC 2 Report helps our customers understand more about NTT America’s internal controls, especially those related to Security & Availability.
NTT Communication’s ISO 27001 certification of the global Enterprise Cloud and colocation products has been extended to include NTT America’s Sterling, VA and San Jose, CA sites. ISO 27001 is a globally recognized information security certification that validates the Information Security Management System of companies that have a strong system of internal controls and information security processes.
Payment Card Industry Data Security Standard v3.1 is a set of requirements designed to ensure that all organizations or merchants that process, store or transmit credit card information maintain a secure environment.
Because PCI is a shared responsibility, NTT America wants you to be able to focus on the areas that apply to your organization, knowing that NTT America’s Colocation environment has been assessed against the applicable PCI Requirements (9 & 12) and found to properly restrict physical access to cardholder data and maintain information security policies.
NTT America has successfully completed an independent examination of its data center Information Security Program for Colocation Services Related to HIPAA and HITECH.
NTT America Data Center information security program adopts essential elements of the Health Insurance Portability and Accountability Act Security Rule of 2003 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 including applicable components of Administrative safeguards, Physical safeguard, Technical safeguards and Breach notification requirements. HIPAA is the federal law that establishes standards for the privacy and security of electronic protected health information (ePHI) in the healthcare and health insurance industries as well as standards for electronic data interchange (EDI) of health information. The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of ePHI, including the prevention of unauthorized access to ePHI.