Compliance Information
Oxford Networks meets the requirements of the HIPAA Security Rule for Data Centers
IT security plays a key role in protecting Oxford Networks Data Center assets. IT General Control Reviews over the HIPAA Security Rule help to ensure the proper and consistent operation of Oxford Networks Data Center systems, help to protect them from unauthorized changes and use, and help to ensure compliance with the HIPAA Security Rule.
Oxford Networks is annually audited against the HIPAA Security Rule in the following areas:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
SOC-2 Type II Compliant
As a Type 2 SOC-2 data center, Oxford Networks is independently audited to ensure our controls meet the security, availability and confidentiality Trust Services Principles that the American Institute of Certified Public Accountants (AICPA) requires:
- The security of the data center,
- The availability of the data center, and,
- The confidentiality of the information that the data center maintains for its users.
Oxford Networks undergoes these audits annually to continually provide a secure and controlled facility for your needs. It is our mission to provide the highest quality services and standards at our facility.
Oxford Networks’ Brunswick Data Center Receives PCI Compliance
The Payment Card Industry Security Standards Council has deemed Oxford Networks’ Brunswick Data Center to be in compliance with its 2.0 Data Security Standard, a worldwide information security standard to help control and minimize fraud and the compromise of sensitive information.
A company that is PCI compliant adheres to strict security policies and procedures that conform to the PCI DSS standard.
The Oxford Networks Data Center provides facilities for organizations to house their servers and/or provide Infrastructure-as-a-Service to conduct their business. In that capacity, the Oxford Networks Data Center has specific responsibilities that must follow PCI Compliance 2.0.
“Because we live in a world that is digitally always transforming itself and where hardware and data can be manipulated both physically and virtually, an increasing number of companies are choosing to maintain the security and administration of their servers with third-party providers,” says Craig Gunderson, CEO and President of Oxford Networks. “Oxford Networks has been building this capacity for years. PCI compliance is an objective standard that tells our clients that we are dead serious about security.”
As a PCI DSS 2.0 compliant data center provider, Oxford Networks is required to complete a self-assessment. Only two of its products were relevant to the standard: Colocation and Infrastructure-as-a-Service. The scope limited compliance to sections 9 and 12 of the PCI DSS.
Section 9 specifically covers “Physical Access” and includes maintaining tight controls over who has access to the building and secure areas within the facility.
Section 12 requires that Oxford Networks maintain an Information Security Policy. This covers logical access to the systems that support the compliant products. For example, user IDs cannot be shared and passwords must change periodically. It also covers virus protection and change management policies for those systems. All other sections address access to and protection of cardholder data, which is not applicable to Oxford Networks.
Oxford Networks also meets the requirements of the HIPAA (Health Insurance Portability and Accountability Act) Security Rule for Data Centers in the areas of administrative, physical, and technical safeguards. It is also a Type 2 Service Organization Control (SOC) II compliant data center. Both are commonly known industry standards for internal controls and security.