Security

Compliance

Compliance without confusion.

Our compliance department welcomes the opportunity to work with your business, third-party organizations, and independent auditors that meet the industry's strictest guidelines, providing you with updated information and reports that meet your compliance needs.

Responsibility

You secure your infrastructure with your own internal means, and you depend on us to provide the same level of security.

Rigorous controls

We adhere to the industry’s strictest guidelines when we work with independent auditors and third-party organizations.

One click

Our customers can easily access our compliance reports through the customer portal.

SOC Reports

Xband Enterprises provides SOC 1, SOC 2 and SOC 3 reports. These reports evaluate our operational controls against criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for service providers such as SoftLayer to safeguard their customers’ data and information.

Customers may download the current SoftLayer SOC 1 and SOC 2 reports from the customer portal or contact our sales team. Our SOC 3 report is available for general use and can be requested at any time.

ISO 27001

ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems and provides a systematic approach to managing company and customer information based on periodic risk assessments. The latest standard, ISO/IEC 27001:2013, was published on September 25, 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.

To achieve ISO 27001:2013 certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This standard emphasizes the measurement and evaluation of how well an organization’s Information Security Management System (ISMS) is performing, and also includes a system of information security-related controls along with other requirements.

ISO 27017

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provisioning and use of cloud services as well as implementation guidance for both cloud service providers and cloud service customers. ISO 27017 provides implementation guidance for relevant controls specified in ISO/IEC 27002 as well as additional controls and guidance that specifically relate to cloud services.

Xband Enterprises' alignment with ISO 27017:2015 demonstrates that we have a highly sophisticated system of cloud-specific controls in place and that we are committed to being the best in IaaS, domestically and across the globe.

ISO 27018

ISO 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO 29100 for the public cloud computing environment.

In particular, ISO 27018:2014 specifies guidelines based on ISO 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

PCI Compliance

If you store or process credit card data, then PCI Compliance and network security are of primary concern to your business. To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Security Assessor (QSA). We help our customers meet their PCI compliance needs by providing an Attestation of Compliance from an independent QSA. The Attestation of Compliance can be used in conjunction with our SOC 2 report and ISO 27001 certification to demonstrate that the infrastructure meets the PCI controls. Customers and their auditors can use our reports to verify that the PCI controls that are Xband Enterprises' responsibility have been achieved.

HIPAA Compliance

The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The SoftLayer cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side.

EU Model Clauses

Xband Enterprises offers its customers the ability to choose precisely where to locate data, with data centers on five continents. For customers who wish to transfer data originating in the European Economic Area (EEA) to a country outside the EEA, Xband Enterprises offers European Model Clauses in the form approved by the European Commission and the European Union’s data protection authorities. The European Model Clauses guarantee European customers that SoftLayer supports the necessary data privacy protections in every location on the globe.

Contact your Cloud Advisor today.