phoenixNAP Cloud’s compliance department works with independent auditors and third-party organizations to meet the industry’s most stringent guidelines, and we provide you with the reports and information you need for your own compliance needs. The physical and virtual controls of our facilities, network, and customer portal are an extension of your own, and we make it easy for you to get the information you need for your own audits. SOC 2 Secure Document Transfer
phoenixNAP is authorized under the Arizona Security, Privacy, Risk & Authorization Management Program (AZRamp) program to access, transmit, process, and/or store State of Arizona “Confidential” information.
phoenixNAP Cloud provides a Service Organization Controls 2 (SOC 2), Type II report, an evaluation of phoenixNAP Cloud operational controls’ compliance to criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for service providers such as phoenixNAP Cloud to safeguard their customers’ data and information. Customers may request the current phoenixNAP Cloud SOC 2 report to contact our sales team.
The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The SoftLayer cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side. For more information about and assistance to achieve, certify, and maintain HIPAA compliance for your SoftLayer environment. SOC 2 Secure Document Transfer
If you store or process your customers’ credit cards or banking information, data and network security are of primary concern to your business. The Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards to ensure consistent standards for merchants. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA). All of SoftLayer’s internal systems are PCI Compliant because we store and process cardholder data. We also help our customers attain PCI compliance by providing documentation of our data center and network controls to supplement their internal security controls to meet PCI standards.