The CenturyLink Compliance Center provides information around the security controls in place to mitigate risk and ensure stability. Working with a global enterprise IT service provider like CenturyLink, you can rest assured we have experience with a wide range of security controls, regulatory requirements, and industry standard compliance models.
Benefit from our investment in these IT security frameworks to assess your internal readiness and accelerate compliance obligations. Information provided by CenturyLink around these compliance programs demonstrates how our automation platform provides a solid foundation for your risk mitigation strategy. CenturyLink's hybrid-IT approach combines our public and private cloud offerings with our managed services and more "traditional" IT services to create a hybrid platform capable of meeting a multitude of business needs.
Our data centers around the globe are independently audited in accordance with the Statement on Standards for Attestation Engagements #16 (SSAE 16) and have published a Service Organization Controls 1 (SOC 1), Type 2 report, as well as SOC 2, Type II and SOC 3 reports demonstrating its commitment to protecting the security and availability of customer data.
ISO 9001:2015 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
PCI is the security certification that applies to any organization or merchants that accepts, transmits or stores any credit cardholder data. CenturyLink can work with you to provide a variety of PCI-DSS compliant solutions and is a listed service provider on the VISA PCI Compliance Directory.
CenturyLink can help its customers comply with the Children’s Online Privacy Protection Act (COPPA) Rule requirements. The Federal Trade Commission (FTC), the United States national consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that that protects the privacy of student education records and affords parents the right to protect their children's privacy and accuracy of education records. CenturyLink can assist with FERPA compliance by providing a combination of hybrid IT services—Cloud, Managed Services and Colocation.
Covered entities and their business associates who are required to comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA) can leverage CenturyLink to process, maintain, and store individually identifiable health information or protected health information (PHI).
Australian Privacy Principles (APPs) regulate the handling of personal information by both Australian government agencies and businesses. CenturyLink encourages customers to understand the APPs, how their business activities comply with these principles, and how to effectively select and use CenturyLink services in those efforts. As a service provider, CenturyLink has focused on a few key APPs.
The CSA Security, Trust and Assurance Registry (STAR) is a comprehensive set of offerings for cloud provider trust and assurance. CenturyLink Cloud has completed and submitted the STAR Consensus Assessments Initiative Questionnaire (CAIQ).
The European Union Agency for Network and Information Security (ENISA) is a center of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. CenturyLink can assist customers in complying with ENISA requirements.
To assist customers in meeting EU Directive requirements, CenturyLink will agree to the Model Clauses, subject to a review process to vet the services in consideration for compliance, and prepare the Appendix that describes the security controls we agree to have in place.
The Federal Information Security Management Act (FISMA) is a comprehensive framework for securing the federal government’s information technology (IT). FISMA provides a set of specific guidelines for federal agencies on how to plan for, budget, implement, and maintain secure systems.
The Bundesdatenschutzgesetz or BDSG, is Germany’s Federal Data Protection Act. CenturyLink ensures the required technical and organizational measures are adhered to for protection of personal data against misuse and loss in accordance with the requirements of the BDSG.
Compliance implementation plans are not one-size-fits-all. At CenturyLink, we work with our customers to understand the unique compliance needs of the business, and develop a customized plan that matches both the unique business priorities and regulations necessary to achieve the compliance posture desired.
CenturyLink then works with the business to implement custom security and compliance enabling solutions to facilitate customization to meet any organization’s compliance requirements.
To learn more about compliance implementation, and how CenturyLink can help your business achieve compliance certifications, read our compliance resource guide.
Alert Logic, a leader in cloud security and compliance solutions, provides Security-as-a-Service for cloud and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Alert Logic has integrated their Log Manager and their Web Security Manager technologies with the CenturyLink Cloud platform, publishing these virtual appliances as CenturyLink Cloud Partner Templates.
Vormetric provides enterprise encryption and key management services that enable corporations to protect their data. Vormetric’s Data Security Manager (DSM) addresses industry compliance mandates and government regulations globally by securing data in physical, virtual and cloud infrastructures, through Data Encryption, Key Management, Access Policies, Privileged User Control, and Security Intelligence. Vormetric’s technology is integrated with the CenturyLink Cloud platform and available for deployment via Blueprint or Partner Template.
Cavirin offers a security and compliance solution expressly designed for both cloud environments and physical data centers. Cavirin delivers continuous audit and operational compliance to the cloud, with technology expressly designed to measure and monitor risk associated with a range of compliance guidelines (PCI, HIPAA, ISO, NIST, SOC 2, CIS, and/or DISA STIGs.) Integrated with CenturyLink Cloud as a Partner Template, Cavirin helps customers address the business challenge of compliance and regulatory governance.
Monitors virtual machines, will log, block or stop any identified vulnerability, and will report it based on the IPS policy.
Connect networks within a particular data center through the use of configurable firewall policies, and create firewall policies that connect different data centers.
Our cloud stack, isolated and dedicated to you. Deploy in over 55 CenturyLink locations around the world.
CenturyLink Cloud provides advanced cloud security and compliance that protects enterprise systems and data.
Affordable protection for your on-premise data & production VMs. Avoid the enormous costs of IT downtime and data loss with SafeHaven for CenturyLink Cloud.