COMPLIANCE & CERTIFICATIONS

Compliance and Certifications

Cologix’s compliance programs address security, energy efficiency and sustainability, meeting rigorous industry standards and demonstrating our commitment to high standards.

Enhanced security

Cologix is ISO 27001 certified by Schellman for our information security management systems for all data centers

Flexibility and scalability

Cologix has third-party assessments for SOC 1, SOC 2, HIPAA and PCI-DSS at all our facilities, enabling customers to grow without sacrificing protection

Environmental responsibility

As Cologix continues to grow, we pride ourselves in doing so in the best interest of the communities we serve while ensuring the long-term health of the planet

Compliance & Certifications

ISO 27001

Cologix has achieved ISO/IEC 27001:2013 (ISO 27001) certification for its information security management system (ISMS) supporting its Data Center Colocation and Interconnection Services for the specified corporate office and data center facility locations. ISO 27001 is an internationally recognized standard that demonstrates an organization’s commitment to establishing a management system relevant to information security, and continual improvement over time. An ISMS is a holistic approach to securing the confidentiality, integrity and availability (CIA) of corporate information assets, and it consists of policies, procedures and other controls involving people, processes and technology.

Risk management forms the cornerstone of an ISMS. Regular information security risk assessments are conducted to determine which security controls to implement and maintain as well as to ensure the effectiveness of the ISMS. The ISO 27001 standard defines its requirements for the risk management process, including risk assessment and risk treatment.

SOC 1 Type 2

The controls addressed in a SOC 1 examination are those that Cologix implements at its sole discretion to prevent, detect and correct, errors or omissions in the information it provides to its customers.

By engaging an independent CPA to examine and report on Cologix’s controls, Cologix can respond to meet the needs of its customers and obtain an objective evaluation of the effectiveness of controls that address operations and compliance over the controls that may have a direct or indirect impact to the financial reporting of its customers. Cologix undergoes an annual SOC 1 Type 2 examination that opines on management’s description of a System and Organization’s system, the suitability of the design and operating effectiveness of its controls.

SOC 2 Type 2

SOC 2 reports are attestation reports that opine on an organization’s controls that are relevant to the AICPA’s Trust Services Categories and related Criteria. Cologix’s Data Center Colocation and Interconnection Services are evaluated using the following Trust Services Categories and related Criteria as part of its annual SOC 2 Type 2 examination.

Security– Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.

Availability – Information and systems are available for operation and use to meet the entity’s objectives.

PCI DSS Validation

PCI DSS applies to all entities, both service providers and merchants, that store, process, and/or transmit cardholder data. PCI DSS evaluates a merchant’s or service provider’s controls to protect payment card data from unauthorized access or use. This includes a set of technical and operational controls, including physical security, and ongoing security operations to maintain a compliant security posture year-round.

The Payment Card Industry Data Security Standard (PCI DSS) validation must be performed by an accredited Qualified Security Assessor (QSA) Company. PCI DSS includes a set of detailed requirements and defined testing procedures that must be performed during the validation process for the requirements determined to be within scope and compliant for the service provider or merchant.

At the conclusion of each annual engagement, Cologix receives a Report on Compliance (ROC) and Attestation of Compliance (AOC). The AOC includes a summary of the assessment findings and conclusion along with sign-offs from both the QSA Company and the Organization.

HIPAA Assessment

The Health Insurance Portability and Accountability Act (HIPAA) regulation was enacted by the United States Congress in 1996 and applies to covered entities, as well as business associates (organizations that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity) and subcontractors (organizations that create, receive, maintain, or transmit PHI on behalf of a business associate). Subcontractors are also considered business associates.

The HIPAA Security Rule includes 22 Standards and 50 Implementation Specifications and is applicable to all business associates.

The HITECH Breach Notification Rule includes 4 Standards and 9 Implementation Specifications of which a subset is applicable to business associates.

Cologix receives an annual independent third-party assessment of its controls in relation to the HIPAA Security Rule and HITECH Breach Notification Rule.

EcoVadis Silver Medal

In early 2023, Cologix earned EcoVadis’ Silver Medal in recognition of our sustainability efforts. EcoVadis is a globally recognized platform that monitors the sustainability performance of companies in every sector. Our Silver Medal signifies Cologix belongs to the top 20 percent of the best companies in our sector across 21 sustainability criteria across environment, work practices and human rights, ethics and sustainable purchases.

ENERGY STAR Certified

Cologix data centers COL1, COL2, COL3, JAX2 and SV1 have earned EPA’S ENERGY STAR certification. To be eligible, a building must score 75 or higher, indicating it performs better than at least 75% of similar buildings throughout the country. The score, which is calculated within EPA’s ENERGY STAR Portfolio Manager Tool, factors in various criteria, including differences in operating conditions and regional weather data.

LEED Gold Registered

In 2023, Cologix registered for LEED Gold (Leadership in Energy and Environmental Design) for our MTL8 data center. This demonstrates our commitment to achieving not only LEED certification but also to reducing CO2 emissions, promoting sustainability, increasing energy efficiency and the optimization of indoor air and the quality of the environment