Necessary Compliance Standards

    Hosting providers must comply on your behalf with both national and international information security standards. You can rely on us and independent auditors to ensure your servers meet the industry’s most stringent criteria. We can also provide information about your own compliance needs, along with reports on the controls of our facilities, network, and more for your organization’s audits.

    Talk to a compliance professional today to learn more about compliance standards.

    PCI (Payment Card Industry) Compliance

    The Payment Card Industry Security Standards Council’s PCI data security standards are relevant to you if you store or process credit card data. PCI Compliance standards are a set of guidelines that protect your cardholders’ sensitive data from exposure to hackers, and they require validation from a third-party Qualified Service Assessor (QSA). Without the PCI Compliance certification, your online business risks fines and blacklisting from payment brands and card acceptance programs. Our team of compliance professionals is here to help you build a hosting environment – via our compliance-ready servers – that conforms to all necessary PCI security standards.

    Both new and existing WebFacility clients can get a free SSL certificate with the purchase of PCI Compliance.


    SSAE 16 is the international standard that replaced SAS 70 for Type I and Type II reporting on service organizations. Type I reports evaluate the accuracy of the service provider’s description; Type II reports evaluate that as well as the implementation and effectiveness. SSAE 16 is a set of stringent guidelines that validate controls, processes, and design and operating effectiveness. WebFacility data centers are SSAE 16 certified and satisfy national compliance requirements.


    SAS 70 was replaced by SSAE 16 (Statement on Standards for Attestation Engagement) by the American Institute of CPAs. The Statement on Auditing Standards (SAS) number 70 had two types of reports: Type I reported on operational controls and Type II reported on the effectiveness of the controls. This standard ensured that auditors assessed the processes and security procedures.

    HIPAA Compliance

    Businesses and facilities that store or process protected patient data online are required by the U.S. Health Insurance Portability and Accountability Act to meet specific security standards. WebFacility is able to ensure that your environment is HIPAA compliant and that your cloud is fully encrypted. Our data centers, including all cloud servers and dedicated servers, are 100% compliant with the Department of Health and Human Services’ standards.

    Safe Harbor Certification

    The Safe Harbor Certification assures E.U. organizations that your U.S. company provides the necessary privacy protection controls as defined by the European Commission’s Directive on Data Protection. The Safe Harbor Certification’s framework is an agreement between the U.S. and Europe to standardize the transfer of data without breaching privacy laws imposed by European authorities. With the Safe Harbor Certification, your business can transfer consumer data between the U.S. and E.U. without interruptions. WebFacility is a holder of the Safe Harbor Certification.

    ISO 27001

    ISO 27001, published by the International Organization of Standardization (ISO), is a global security management standard that outlines the best practices for information security management systems. To achieve our certification, WebFacility was required to present a systematic approach to evaluating our information security risk, implement risk management measures that address risks within our infrastructure, and more.