
AiNET _ Data Center Certifications

http://www.ai.net/data-centers/ainet-data-center-certifications
There are a number of certifications that qualify a data center's capabilities on an overall
basis and within specific fields like serving Government or the healthcare industry.

Years in the making, AiNET Data Centers proudly feature the following Certifications:
SSAE-16 Type II SOC1/SOC2/SOC3: SSAE-16 is an enhancement to the current
standard for Reporting on Controls at a Service Organization, the SAS70. The changes made
to the standard will bring your company, and the rest of the companies in the US, up to date
with new international service organization reporting standards, the ISAE 3402.
A SOC 1 Report (Service Organization Controls Report) is a report on Controls at a Service
Organization which are relevant to user entities' internal control over financial reporting. The
SOC1 Report is what you would have previously considered to be the standard SAS70,
complete with Type I and Type II reports, but falls under the SSAE 16 guidance.
The Service Organization Control (SOC) 2 Report will be performed in accordance with AT
101 and based upon the Trust Services Principles, with the ability to test and report on the
design (Type I) and operating (Type II) effectiveness of a service organization's controls (just
like SOC 1 / SSAE 16). The SOC 2 report focuses on a business's non-financial reporting
controls as they relate to security, availability, processing integrity, confidentiality, and
privacy of a system, as opposed to SOC 1/SSAE 16 which is focused on the financial
reporting controls.
The SOC 3 Report, just like SOC 2, is based upon the Trust Service Principles and performed
under AT 101, the difference being that a SOC 3 Report can be freely distributed (general
use) and only reports on whether the entity has achieved the Trust Services criteria or not (no
description of tests and results or opinion on description of the system). The lack of a
detailed report requires that a SOC 3 be performed as a Type II, unlike SOC 1 and SOC 2
where there is a Type I option. SOC 3 reports can be issued on one or multiple Trust Services
principles (security, availability, processing integrity, confidentiality and privacy) and allow
the organization to place a seal on their website upon successful completion.
The Trust Service Principles were designed with a focus on e-commerce systems due to the
amount of private/confidential/financial information that flows across the internet daily.

When a customer processes a transaction (online retailer), builds a business on your service
(SaaS providers), or submits private information, they want to know best practices are being
followed by the company to guard against security leaks, lost sales, and damaged data. The
most common reports based upon the trust principles are referred to as WebTrust and
SysTrust.
The SysTrust review encompasses a combination of the following principles:
Security: The system is protected against unauthorized access (both physical and logical).
Availability: The system is available for operation and use as committed or agreed.
Processing Integrity: System processing is complete, accurate, timely, and authorized.
Confidentiality: Information designated as confidential is protected as committed or agreed.
The WebTrust certification can fall into the following four categories:
WebTrust. The scope of the engagement includes any combination of the trust principles and
criteria.
WebTrust Online Privacy. The scope of the engagement is based upon the online privacy
principle and criteria.
WebTrust Consumer Protection. The scope of the engagement is based upon the processing
integrity and relevant online privacy principles and criteria.
WebTrust for Certification Authorities. The scope of the engagement is based upon specific
principles and related criteria unique to certification authorities.
SAS 70 Type II: SAS 70 provides guidance to service auditors when assessing the
internal controls of a service organization. The more-stringent SAS 70 Type II certification
report includes the service auditor's opinion on the fairness of the presentation of the
service organization's description of controls that had been placed in operation and the
suitability of the design of the controls to achieve the specified control objectives.
TIA-942 Tier IV: Highest level data certification designated by the
Telecommunications Industry Association (TIA) and sanctioned by the American National
Standards Institute (ANSI). The hallmark of a TIA-942 Tier IV data center is a
design/implementation that offers not just concurrent maintainability, but also fault
tolerance: the ability of the data center to withstand the loss of one or more major systems.
See thorough system block diagrams of AiNET's certified TIA-942 Tier IV
design/implementation.
DCID 6/9 (Director of Central Intelligence, Directive 6/9): Standard addressing the
construction, access control and alarming of a Sensitive Compartmented Information Facility
(SCIF). Still widely-known, although it has been replaced by ICD 705.
ICD 705.2/705.3 (Intelligence Community Directive 705.2/705.3): The successor set
to DCID 6/8, ICD 705.2 addresses Construction of SCIFs Within the United States (including
U.S. Trusts, Territories and Possessions) while 705.3 addresses foreign locations.
FISMA (Federal Information Security Management Act). Active High/Moderate/Low
ATO.
NIST Cloud (National Institute of Standards and Technology Standards on Cloud
computing and security):
DIACAP (DoD Information Assurance Certification and Accreditation Process):
EHNAC (Electronic Healthcare Network Accreditation Commission).
HIPAA (Health Insurance Portability and Accountability Act).
PCI-DSS (Payment Card Industry Data Security Standard): An information security
standard for organizations that handle cardholder information for credit cards, debit cards,
etc.
Sarbanes-Oxley: The Sarbanes-Oxley (SOX) law defines mandates and
requirements for financial reporting.

FIPS-140: Issued by the National Institute of Standards and Technology, the Federal
Information Processing Standards (FIPS) 140 Series are security standards dealing with
hardware and software cryptography modules.
