SOURCE: Latisys


June 25, 2013 06:55 ET

Latisys Achieves PCI and HIPAA Compliance for National IT Infrastructure Services Platform

Expanding Compliance Portfolio in Response to Growing Customer Demand for Audit-Ready IT Infrastructure Services

ASHBURN, VA--(Marketwired - Jun 25, 2013) - Responding to growing demand for outsourced IT services designed, tested and audited to meet the controls requirements of key government and regulatory standards, Latisys today announced it has achieved key compliance for industry best practices and regulatory standards to deliver the highest levels of security and reliability as deemed by third-party auditors.

Latisys, a national provider of Infrastructure as a Service (IaaS) solutions spanning data center colocation, managed hosting, cloud and hybrid infrastructure, owns and operates a national platform of seven data centers. The compliance reports distinguish Latisys' entire platform as being in alignment with key regulatory standards and government requirements including:

  • The Payment Card Industry (PCI) Data Security Standard (DSS) 2.0
  • The Health Insurance Portability and Accountability Act (HIPAA) report for physical controls
  • The Gramm-Leach-Bliley Act (GLBA) -- otherwise known as the Financial Services Modernization Act of 1999

In addition, Latisys' platform is operated under SSAE 16 (SOC 2 Type 2 and SOC 3) audited controls. This replaces the SAS 70 guidebook and reaffirms Latisys' commitment to meet the highest standards for availability and security, while making sure all of the appropriate controls and safeguards are firmly in place. Latisys' SSAE 16 is validated across all Latisys facilities and covers both security and availability principles in detail. The SOC audits were performed by Ehrhardt Keefe Steiner & Hottman, P.C. (EKS&H), one of the largest CPA firms headquartered in the Rocky Mountain Region.

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security standards managed by the PCI Security Standards Council that are designed to ensure the security of credit and debit card transactions and protect cardholders against identity theft. The PCI DSS consists of twelve broad security requirements and over 260 specific controls. Coalfire Systems is a leading Qualified Security Assessor (QSA) firm and is authorized to perform PCI DSS compliance audits under the credentials issued to the firm by the PCI SSC. In keeping with the standard and the firm's credentials, Coalfire issued Latisys an Attestation of Compliance (AoC) with the PCI DSS.

Coalfire's assessment examined technical, physical and administrative controls associated with Latisys' ability to provide colocation and hosting that meets requirements established by PCI and other regulations cited above. Completion of the assessments provides Latisys with a formal third-party evaluation of Latisys' national platform and IT services for compliant hosting. Coalfire audited Latisys' policies and procedures for compliance with sections 9 (physical controls) & 12 (information security policies) of the PCI DSS. At Latisys' discretion, the results of the Coalfire assessment may be obtained by prospective customers and their auditors with the appropriate signed non-disclosure agreements in place. Latisys also offers a variety of managed services to assist in other areas of the standard if your needs dictate additional assistance managing security practices such as firewall, VPN and intrusion detection.

"Most enterprises and online businesses are required to maintain compliance with multiple security standards, including the PCI DSS, HIPAA and GLBA," said Dirk Anderson, a Managing Director at Coalfire. "By outsourcing to Latisys, these businesses efficiently manage compliance by inheriting the controls Latisys has already put in place and validated."

"By expanding our compliance portfolio and earning the AoC, Latisys is better able to assist customers that seek to demonstrate compliance -- whatever their IT Governance and regulatory requirements," said Pete Stevenson, CEO of Latisys. "In addition to putting our customers' trust first, we continue to deliver services from a unified and compliant national platform that significantly expands each customer's flexibility and scalability."

About Coalfire
Coalfire is a leading, independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington D.C. and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire's solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, HITRUST, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP. For more information, visit

About Latisys
Latisys is a leading national provider of colocation, managed hosting, managed services, disaster recovery and private cloud solutions to medium-sized businesses, enterprise customers and government agencies. With a heritage of serving business customers since 1994, and multiple high-density data centers across the United States, Latisys offers a scalable outsourced IT infrastructure platform that provides customers with what they need, when they need it. As a client-centric company -- with state of the art data centers in Ashburn, Virginia, Chicago, Denver and Irvine, California -- Latisys is quickly becoming the IaaS platform of choice for companies that demand more from their IT infrastructure partner. All while optimizing clients' return on investment. All while 'delivering more_'. Call 1-866-956-9594, visit or follow us on Twitter at!/Latisys for additional information.

Contact Information

    Carter B. Cromley
    (703) 861-7245