Compliance


Information Security Compliance and Audit is responsible for engaging and supporting external auditors and CenturyLink business units in successfully completing an annual renewal of audit reports and certifications for CenturyLink products.

Information Security Compliance works closely with internal global groups and departments to ensure that processes and procedures are accurately represented and tested during annual audits. The Information Security Compliance and Audit group creates and performs internal and external third-party assessments, monitors processes, gathers evidence, and helps with remediation plans. Information Security Compliance works across all departments within CenturyLink to ensure there is continuous improvement and compliance readiness.

Certifications

CenturyLink Cloud data centers comply with the SSAE 16 and SOC 1 guidelines

SOC Program

Our data centers around the globe are independently audited in accordance with the Statement on Standards for Attestation Engagements #18 (SSAE 18). They have published a Service Organization Controls SOC 1 Type 2 report and SOC 2 Type 2 report(s), demonstrating their commitment to protecting security, availability, and confidentiality (where applicable) of customer data.

CenturyLink's ISO 22301:2012 certification is limited to the business continuity management system (BCMS) supporting the SAP-HANA Enterprise Cloud (HEC) for Managed Hosting Services

ISO 22301:12

The scope of the ISO 22301:2012 certification is limited to the business continuity management system (BCMS) supporting the SAP-HANA Enterprise Cloud (HEC) for Managed Hosting Services. HANA Enterprise Cloud (HEC) is a solution to provide SAP HANA to SAP customers using CenturyLink's Dedicated Cloud Compute (DCC) platform.

 

CenturyLink Technologies India holds and operates an IT Service Management System that complies with the requirements of ISO/IEC 20000-1:2011

ISO/IEC 20000-1:2011

CenturyLink Technologies India (CTLI), Pvt. Ltd. Salarpuria Hallmark Block B, Ground Floor, Karnataka, India specifically holds and operates an IT Service Management System that complies with the requirements of ISO/IEC 20000-1:2011 for the following scope:

CTLI Operations division service management system supporting the provision of Managed Hosting & Managed Services to global customers from Bangalore, India, including support functions. This is in accordance with the latest version of the Service Catalogue ver. 14 dated January 18, 2016.

CenturyLink holds ISO 27001 certification for many data centers

ISO 27001:2013

CenturyLink has received a certificate of registration for ISO/IEC 27001:2013 Information Security Management System (ISMS) Standard. CenturyLink can therefore be formally audited and certified compliant with the standard. The primary benefit of ISO 27001 certification is that the company can demonstrate to existing and potential customers that effective information security processes have been defined and implemented, thus creating a trust relationship. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting global managed hosting in accordance with the Statement of Applicability (SOA).

Read more about ISO 27001

CenturyLink holds ISO 9001 certification for many data centers

ISO 9001:2015

CenturyLink maintains an ISO 9001:2015 certification limited to the Quality Management System (QMS) supporting the CenturyLink Global ITS & Managed Services Quality Management System covering a variety of requirements regarding the SAP HANA Enterprise Cloud (HEC) product.

Read more about ISO 9001

PCI Compliance

Payment Card Industry Data Security Standard (PCI)

PCI is the security certification required of all companies or merchants that collect, transmit, or store credit card data. CenturyLink can work with you to provide a variety of PCI compliant solutions and is a listed service provider on the VISA PCI Compliance Directory.

Read more about PCI DSS Compliance

View a Dedicated Cloud Compute PCI compliance architecture for an example of our compliance solutions.

Guidelines

CenturyLink IaaS meets HIPAA compliance requirements

HIPAA

Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can use CenturyLink to process, manage, and store individually identifiable health information or Protected Health Information (PHI).

Read more about HIPAA

CenturyLink can assist with APP compliance.

Australian Privacy Principles

Australian Privacy Principles (APPs) regulate the handling of personal information by both Australian government agencies and businesses. CenturyLink encourages customers to understand the APPs, how their business activities comply with these principles, and how to effectively select and use CenturyLink services in those efforts. As a service provider, CenturyLink has focused on a few key APPs.

Read more about the APPs

CenturyLink and OSPAR Compliance.

OSPAR

Outsourced Service Provider Audit Report (OSPAR) is a report that complies with The Association of Banks in Singapore's guidelines. In this manner, it requires financial institutions (FIs) in Singapore to ensure that their outsourced service providers (OSP) are audited in accordance with Singapore Standard on Assurance Engagements 3000 (Revised) for assurance engagements other than audits or reviews of historical financial information. To remain OSPAR-certified, the OSP must have the relevant measures and controls, and implement them consistently to pass annual independent audits.

OSPAR certification provides credibility to the OSP and the assurance that it maintains the same level of governance, rigor and consistency as FIs in Singapore.

 
 

Standards & Frameworks

CenturyLink Cloud has completed and submitted the STAR CAIQ self-assessment

CSA STAR

The CSA Security, Trust and Assurance Registry (STAR) is a comprehensive registry of the trust and security controls provided by cloud providers. CenturyLink Cloud has completed and submitted the STAR Consensus Assessments Initiative Questionnaire (CAIQ).

Read more about CSA and STAR

FISMA defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency.

FISMA

The Federal Information Security Management Act (FISMA) is a comprehensive framework for securing the federal government's information technology (IT). FISMA provides a set of specific guidelines for federal agencies on how to plan for, budget, implement, and maintain secure systems.

Read more about FISMA

CenturyLink follows the security requirements of the BDSG for the protection of personal data

German Federal Data Protection

The Bundesdatenschutzgesetz, or BDSG, is Germany’s Federal Data Protection Act. CenturyLink ensures that the required technical and organizational measures are adhered to for protection of personal data against misuse and loss in accordance with the requirements of the BDSG.

Read more about the BDSG

TRUSTe

TRUSTe Privacy Seal

CenturyLink Cloud has been awarded TRUSTe's Privacy Seal. This signifies that our Privacy Policy and practices have been reviewed for compliance with TRUSTe’s Program Requirements, including transparency, accountability and choice regarding the collection and use of your Personal Information.

Read more about TRUSTe

Shared Responsibility for Security and Compliance

Cloud security relies on a "Shared Responsibility" model with clear demarcations for where the infrastructure provider's obligations lie versus the customer. CenturyLink's obligation is limited to securing the underlying infrastructure of the cloud; the customer is responsible for securing the cloud servers, applications, and systems they deploy on our infrastructure. Customers can achieve this security by implementing their own technologies or by using the tools offered by us and our partners.

Whether you use the CenturyLink public cloud purely as Infrastructure as a Service (IaaS) or build a full hybrid IT solution with CenturyLink, we help you identify the right combination of IT services for your security and compliance needs. The extent of responsibility depends in part on the services used and the level of management subscribed to. CenturyLink can help you with the difficult task of establishing awareness in your organization of its own obligations under the shared responsibility model.

Read more about shared responsibility

Compliance Resource Guide

Compliance implementation plans are not one-size-fits-all. At CenturyLink, we work with our customers to understand their unique compliance needs and develop a customized plan that matches both their unique business priorities and regulations necessary to achieve the desired compliance posture.

CenturyLink then works with the business to implement custom security and compliance enabling solutions to facilitate customization to meet any organization’s compliance requirements.

To learn more about compliance implementation, and how CenturyLink can help your business achieve compliance certifications, read our compliance resource guide.

Partners

Alert Logic, a leader in cloud security and compliance solutions, provides Security-as-a-Service for cloud and hybrid infrastructures, deep security insight, and additional protection for customers, at lower prices than traditional security solutions. Alert Logic has integrated their Log Manager and their Web Security Manager technologies with the CenturyLink Cloud platform, publishing these virtual appliances as CenturyLink Cloud Partner Templates.

Vormetric provides enterprises with encryption solutions and key management services that enable them to protect their data. Vormetric’s Data Security Manager (DSM) addresses industry compliance mandates and government regulations globally by securing data in physical, virtual and cloud infrastructures through Data Encryption, Key Management, Access Policies, Privileged User Control, and Security Intelligence. Vormetric’s technology is integrated with the CenturyLink Cloud platform and available for deployment via Blueprint or Partner Template.

Cavirin offers a security and compliance solution for cloud environments and physical data centers. Cavirin delivers continuous audit and operational compliance to the cloud with technology expressly designed to measure and monitor risk associated with a range of compliance guidelines (PCI, HIPAA, ISO, NIST, SOC 2, CIS, and/or DISA STIGs). Cavirin is integrated into CenturyLink Cloud as a Partner Template and helps customers address compliance and regulatory challenges.

Related Products

Intrusion Prevention System

Monitors virtual machines; detects, blocks, or closes identified vulnerabilities; and reports them in accordance with IPS policies.

Firewall

Connect networks within a given data center using configurable firewall policies, and create firewall policies that connect other data centers.

Cloud Platform

CenturyLink Cloud is reliable, secure, robust, and global. It was built for your organization's current and future business demands.

Security and Compliance

CenturyLink Cloud provides modern cloud security and compliance to protect enterprise data and systems.

Disaster Recovery

Affordable protection for your on-premises data and production VMs. With SafeHaven for CenturyLink Cloud, you avoid the enormous costs caused by IT downtime and data loss.