Data Center Certifications and Compliances strengthen quality of service and contribute to market competitiveness

With 18 Data Centers in Latin America, Cirion’s services are certified by ISO, by the Uptime Institute’s Tier III, comply with PCI-DDS and AICPA’s SOC 1, SOC 2, and SOC 3. 

Just think about all the activities you do online daily.  Now, imagine 4.66 billion people doing the same[1]. These are millions of terabytes generated every day.  And, for all this information to be quickly and securely processed and circulated around the world, data centers are needed.  

A good data center infrastructure has been an imperative for organizations to escalate their operation – providing, of course, data security, capacity, and efficiency. But how can we know if these attributes will be delivered?

In the same way that diplomas endorse an individual’s aptitude for a given profession, companies also receive certifications for their performance, products, or services, attesting to their quality and security. Therefore, when viewing a data center, you can search for the certifications obtained and evaluate its capacity to provide services that will meet your business needs.

Why are certifications so important?

Data center certifications ensure the efficiency of processes and attest that the service meets international rules and standards for Quality, IT Services Management, and Information and Infrastructure Security, among others.  As an example, we can name Uptime’s Institute certifications ISO 9001, ISO 20000-1, ISO 27001, and Tier.

Compliances also play an important role.  Although they are similar to certifications, they are issued as compliance reports rather than certificates. Thus, they should be called compliances instead of certifications.  Included here are PCI-DSS e AICPA’s SOC1, SOC2, and SOC3.

The data center market is in increasing demand.  GlobalData predicts that the sector’s revenue will go from US$ 466 billion (2020) to US$ 949 billion by 2030 ^[2].  Amidst this whirlwind of data processing, the certifications benefit all parties: they are a differential for companies, contribute to market competitiveness, and help customers select a qualified provider. 

Proven quality

Cirion offers one of the most interconnected Data Center platforms in Latin America, with 18 proprietary data centers – 3 of them in Brazil:  São Paulo, Rio de Janeiro, and Curitiba.  Our services portfolio offers an IT platform to support business applications through Cloud and Security solutions, in addition to infrastructure such as Hosting and Colocation, developed with architecture based on strict security standards (physical and logical) to provide reliable services.

To verify and maintain quality levels, our services count on several certifications and compliances:

ISO Certifications

Created in 1947, the International Organization for Standardization (ISO) is an international non-governmental organization which aims to facilitate globally the coordination and unification of industrial standards.  You’ve probably heard about it, since it is applied in several sectors, including data centers. 

The entire certification process occurs in three stages.  First, there’s an internal auditing, carried out by auditors who are certified in the respective rules and generate a report with recommendations and non-compliances, in addition to informing the strengths of the Management System audited.  Then, there’s an external auditing, endorsing the company if it meets all norm requirements and recommending it as fit to receive the certification, with the final approval occurring in Germany.  ISO certifications are valid for three years and annual auditing is necessary to ensure that they are maintained.  When expired, there must be a recertification process, which will ensure validity for 3 more years.

Cirion’s data centers in Brazil possess the following certifications:

• ISO 9001 – centered on Quality System. Data Centers in Cotia (SP), Rio de Janeiro (RJ), and Curitiba (PR) have been certified since 2014;
• ISO 20000-1 – centered on Service Management System. Data Centers in Cotia (SP), Rio de Janeiro (RJ), and Curitiba (PR) have been certified since 2018;
• ISO 22301 – centered on Business Continuity Management System. Data Centers in Cotia (SP), Rio de Janeiro (RJ), and Curitiba (PR) have been certified since 2021;
• ISO 27001 – centered on Information Security Management. Data Centers in Cotia (SP), Rio de Janeiro (RJ), and Curitiba (PR) have been certified since 2016;
• ISO 27017 – centered on Information Security Management System – Practice code for Information Security Controls for cloud services. Data Centers in Cotia (SP) and Rio de Janeiro (RJ) have been certified since 2017;
• ISO 27018 – focused on Information Security Management System – Practice code for the protection of Personal Identification Information for cloud services. Data Centers in Cotia (SP) and Rio de Janeiro (RJ) have been certified since 2020;

 Tier – Uptime Institute

Founded in 1993 in the United States, the Uptime Institute is a globally recognized entity which created the Tier certifications, aiming to measure and qualify the availability of a data center’s infrastructure. It currently counts on 1,883 certifications, in 107 countries.

The certification is based on the Tier Standard, which encompasses criteria related to power supply, engine generators, cooling equipment, security (such as fire detection and control), and automation.  It is divided into four levels:

• Tier I – basic infrastructure, non-redundant, single distribution path;
• Tier II – have redundant capacity;
• Tier III – have multiple independent distribution paths and are characterized by their double power source, which means that in case of unavailability due to electrical or climate issues, another system is ready to keep up these functions.  Therefore, maintenances can be carried out without the need to shut down the data center;
• Tier IV – independent, fault-tolerant, double-feeding equipment. They demand a high level of automation to execute corrections without manual needs.

Furthermore, it is categorized into:

• Design Documents: evaluates infrastructure, performance, and capacity
• Constructed Facility: endorses construction according to the project
• Operational Sustainability: observes the process and its maturity to ensure availability.

Cirion’s Data Center in Cotia (SP) possesses the Tier III Design Documents and Constructed Facility certifications and Rio de Janeiro’s (RJ) has the Tier III Design Documents certification; we are currently in the project phase to obtain the certification for Constructed Facility, assuring that the entire structure, equipment and processes were planned and implemented for business continuity. 

Compliance with PCI-DSS

Created in 2006 by the Payment Card Industry Security Standards Council (PCI SSC), it is formed by MasterCard, American Express, Visa, JCB International, and Discover Financial Services, that aligned their individual policies to create PCI-DSS. This is an international security pattern which strives for creating an additional layer of protection for card issuers, ensuring that merchants meet the minimum levels of security when storing, processing, and transmitting the card holder’s information.

The evaluation process is annual and like an auditioning process, conducted through a QSA (Qualified Security Assessor); if compliant with all 12 requisites, a compliance certificate called AoC (Attestation of Compliance) is issued.

Data Centers in Cotia (SP), Rio de Janeiro (RJ), and Curitiba (PR) are compliant with requisites 9, 11.1 e 12 since 2016.

SOC Compliance

Created in 2009 by the Association of International Certified Professional Accountants (AICPA), it replaces the SAS 70 report. It is an international standard which intends to provide our customers’ auditors sufficient evidence on Cirion’s internal controls, information security and IT controls.

The process for obtaining the report is annual and like an auditing process, conducted by a specialized consultant; if compliant with all objectives, a report certifying the evaluated period is issued.

• SOC 1 – SOC report centered on providing reasonable assurance that Cirion’s financial statements are reliable and put together according to the IFRS’ Internal Control over Financial Reporting (ICFR). Cotia’s Data Center (SP) has been compliant since 2007, Rio de Janeiro’s Data Center (RJ) since 2012, and Curitiba’s Data Center (PR) since 2020.
• SOC 2 – SOC report centered on Information Security based on Trust Services Criteria. Cotia’s Data Center (SP) has been compliant since 2020.
• SOC 3 – SOC report focused on Information Security based on the Trust Services Criteria for General Use Report. Cotia’s Data Center (SP) has been compliant since 2020.

 The 4^th Industrial Revolution is already part of our reality, and it increasingly demands more agility and capacity for managing data.  Therefore, Data Centers offer high-level security, advanced network, clean and continuous energy, specialized support, and a global ecosystem.  All this with a high-availability, low-latency network – endorsed by certificates and compliances – to maintain your business connected. 

[1] Report We Are Social and Hootsuite – 2021

² Data Centers – Thematic Research – 2021

Author:
Nelma Santos
Data Center, Cloud & Security Processes Manager
Cirion, Brasil

Nelma coordinates certifications and compliances for Cirion’s 18 Data Centers in Latin America.  She is responsible for Cirion’s Integrated Management System, centered on customer experience through an efficient practice of continuous improvement.

She has more than 30 years of experience in IT, has a post-graduate degree in Information Technology Management and Governance from FIAP, and holds certificates for ITIL 4 Managing Professional, ITIL Expert, ISO 20000 Foundation, ISO 27002 Foundation, and COBIT Foundation.