ViaWest’s Controls
ViaWest understands that our customers
are subject to varying compliance and regulatory obligations. In order
to effectively meet our customers’ needs, ViaWest's compliance group has
created a security, governance and risk management framework of
policies, procedures and standards that draws on many areas. Our
policies, procedures and standards are created based on aspects of the
following control specifications:
- ISO/IEC 27000 series
- NIST 800-53
- ITIL 3.0
- HIPAA Security Rule
- Federal Information Systems Management Act (FISMA)
- Gramm-Leach-Bliley Act (GLBA) Interagency Guidelines
- Payment Card Industry (PCI) Data Security Standard v2.0
- Trust Services Principles and Criteria
Often, our customers have requirements above and beyond what our standard
process or product offerings provide. In these situations, ViaWest will
work with you, our customer, to tailor products or processes where
possible and develop an ideal solution that is centered around you.
ViaWest’s Reports and Accreditations
ViaWest’s in-house compliance team obtains independent auditor reports and
certifications annually. These provide our customers and their auditors
the information on the design and operating effectiveness of ViaWest’s
operational controls that is likely to be relevant to our customers’
systems of internal control. By obtaining these reports, ViaWest not
only saves our customers the time and expense of sending in their own
auditors but also gives them the assurance they need regarding the assets
and information within our data centers.
The independent auditor reports or certifications that ViaWest has obtained include:
SOC 1/SSAE 16/ISAE 3402 type II report
ViaWest has a Service Organization Controls 1 (SOC 1), Type 2 report. The audit
for this report is conducted in accordance with the Statement on
Standards for Attestation Engagements No. 16 (SSAE 16) and the
International Standards for Assurance Engagements No. 3402 (ISAE 3402)
professional standards. This dual-standard report is specifically
intended to meet the needs of ViaWest customers and their auditors, as
they evaluate the effect of the controls at ViaWest on their financial
statement assertions. The SOC 1 report attests that ViaWest’s control
objectives are appropriately designed and operating effectively.
SOC 3 on the Security Trust Services Principle
ViaWest’s SOC 3 report is a Trust Services Report (Trust Services Principles,
Criteria, and Illustrations) specifically designed to meet the needs of
customers and potential customers who want assurance about ViaWest
controls related to one or more of the Trust Services Principles
(security, availability, processing integrity, confidentiality, or
privacy) but do not need the level of detail provided in a SOC 2 Report.
ViaWest’s SOC 3 report on the Security Trust Services Principle is
available to view by clicking the SysTrust seal above.
Report on Compliance for sections 9 and 12 of the PCI DSS for our Cornell and Synergy Park facilities
The Payment Card Industry Data Security Standard (PCI DSS) is the current
global data security standard adopted by the major payment card brands.
PCI DSS applies to all organizations that store, process or transmit
cardholder data, and provides a framework for developing robust security
processes. In earning the PCI report on compliance for sections 9 and
12 of the PCI DSS, ViaWest is able to support its clients in meeting the
criteria for two of the twelve different PCI DSS requirements.
United States-European Union Safe Harbor Privacy Framework
US-EU Safe Harbor is a streamlined process for US companies to comply with
the EU Directive 95/46/EC on the protection of personal data. The
process was developed by the US Department of Commerce in consultation
with the EU. The Safe Harbor Principles are designed to prevent
accidental information disclosure or loss. ViaWest annually reregisters
adherence to the program.
These achievements demonstrate our
commitment to processes and standards that enable us to maintain the
governance and security controls our customers need to help meet their
regulatory obligations. By having a dedicated compliance department, we
believe we are uniquely qualified to provide high-quality services to
our customers.