Information Security Compliance and Audit is responsible for engaging and supporting external auditors and CenturyLink business units in successfully completing an annual renewal of audit reports and certifications for CenturyLink products.
Information Security Compliance works closely with internal global groups and departments to ensure that processes and procedures are accurately represented and tested during annual audits. The Information Security Compliance and Audit group creates and performs internal and external third-party assessments, monitors processes, gathers evidence, and helps with remediation plans. Information Security Compliance works across all departments within CenturyLink to ensure there is continuous improvement and compliance readiness.
Our data centers around the globe are independently audited in accordance with the Statement on Standards for Attestation Engagements #18 (SSAE 18). They have published a Service Organization Controls SOC 1 Type 2 report and SOC 2 Type 2 report(s), demonstrating their commitment to protecting security, availability, and confidentiality (where applicable) of customer data.
The scope of the ISO 22301:2012 certification is limited to the business continuity management system (BCMS) supporting the SAP-HANA Enterprise Cloud (HEC) for Managed Hosting Services. HANA Enterprise Cloud (HEC) is a solution to provide SAP HANA to SAP customers using CenturyLink’s Dedicated Cloud Compute (DCC) platform.
CenturyLink Technologies India (CTLI), Pvt. Ltd. Salarpuria Hallmark Block B, Ground Floor, Karnataka, India specifically holds and operates an IT Service Management System that complies with the requirements of ISO/IEC 20000-1:2011 for the following scope:
CTLI Operations division service management system supporting the provision of Managed Hosting & Managed Services to global customers from Bangalore, India, including support functions. This is in accordance with the latest version of the Service Catalogue ver. 14 dated January 18, 2016.
CenturyLink has received a certificate of registration for ISO/IEC 27001:2013 Information Security Management System (ISMS) Standard. CenturyLink can therefore be formally audited and certified compliant with the standard. The primary benefit of ISO 27001 certification is that the company can demonstrate to existing and potential customers that effective information security processes have been defined and implemented, thus creating a trust relationship. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting global managed hosting in accordance with the Statement of Applicability (SOA).
PCI is the security certification that applies to any organization or merchant that accepts, transmits or stores any credit cardholder data. CenturyLink can work with you to provide a variety of PCI-compliant solutions and is a listed service provider on the VISA PCI Compliance Directory.
Covered entities and their business associates who are required to comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA) can leverage CenturyLink to process, maintain, and store individually identifiable health information or protected health information (PHI).
Australian Privacy Principles (APPs) regulate the handling of personal information by both Australian government agencies and businesses. CenturyLink encourages customers to understand the APPs, how their business activities comply with these principles, and how to effectively select and use CenturyLink services in those efforts. As a service provider, CenturyLink has focused on a few key APPs.
Outsourced Service Provider Audit Report (OSPAR) is a report that complies with The Association of Banks in Singapore’s guidelines. In this manner, it requires financial institutions (FIs) in Singapore to ensure that their outsourced service providers (OSP) are audited in accordance with Singapore Standard on Assurance Engagements 3000 (Revised) for assurance engagements other than audits or reviews of historical financial information. To remain OSPAR-certified, the OSP must have the relevant measures and controls, and implement them consistently to pass annual independent audits.
OSPAR certification provides credibility to the OSP and the assurance that it maintains the same level of governance, rigor and consistency as FIs in Singapore.
The CSA Security, Trust and Assurance Registry (STAR) is a comprehensive set of offerings for cloud provider trust and assurance. CenturyLink Cloud has completed and submitted the STAR Consensus Assessments Initiative Questionnaire (CAIQ).
The Federal Information Security Management Act (FISMA) is a comprehensive framework for securing the federal government’s information technology (IT). FISMA provides a set of specific guidelines for federal agencies on how to plan for, budget, implement, and maintain secure systems.
The Bundesdatenschutzgesetz, or BDSG, is Germany’s Federal Data Protection Act. CenturyLink ensures that the required technical and organizational measures are adhered to for protection of personal data against misuse and loss in accordance with the requirements of the BDSG.
Compliance implementation plans are not one-size-fits-all. At CenturyLink, we work with our customers to understand their unique compliance needs and develop a customized plan that matches both their unique business priorities and regulations necessary to achieve the desired compliance posture.
CenturyLink then works with the business to implement custom security and compliance-enabling solutions to facilitate customization to meet any organization’s compliance requirements.
To learn more about compliance implementation, and how CenturyLink can help your business achieve compliance certifications, read our compliance resource guide.
Alert Logic, a leader in cloud security and compliance solutions, provides Security-as-a-Service for cloud and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Alert Logic has integrated their Log Manager and their Web Security Manager technologies with the CenturyLink Cloud platform, publishing these virtual appliances as CenturyLink Cloud Partner Templates.
Vormetric provides enterprise encryption and key management services that enable corporations to protect their data. Vormetric’s Data Security Manager (DSM) addresses industry compliance mandates and government regulations globally by securing data in physical, virtual and cloud infrastructures through Data Encryption, Key Management, Access Policies, Privileged User Control, and Security Intelligence. Vormetric’s technology is integrated with the CenturyLink Cloud platform and available for deployment via Blueprint or Partner Template.
Cavirin offers a security and compliance solution for cloud environments and physical data centers. Cavirin delivers continuous audit and operational compliance to the cloud with technology expressly designed to measure and monitor risk associated with a range of compliance guidelines (PCI, HIPAA, ISO, NIST, SOC 2, CIS, and/or DISA STIGs). Integrated with CenturyLink Cloud as a Partner Template, Cavirin helps customers address the business challenge of compliance and regulatory governance.
Monitors virtual machines; logs, blocks or stops any identified vulnerability; and reports it based on the IPS policy.
Connect networks within a particular data center through the use of configurable firewall policies, and create firewall policies that connect different data centers.
The CenturyLink Cloud is reliable, secure, robust and global. It is designed for your business needs today and tomorrow.
CenturyLink Cloud provides advanced cloud security and compliance that protects enterprise systems and data.
Affordable protection for your on-premise data & production VMs. Avoid the enormous costs of IT downtime and data loss with SafeHaven for CenturyLink Cloud.