Data Center Certifications and Compliance
Aligned’s state-of-the-art data centers, technologies and operations meet strict compliance and security standards to safeguard customer infrastructure, protect the confidentiality and integrity of customer data, and ensure maximum availability to maintain business continuity.
Data Center Certifications
SOC 2 Type 2 & SOC 1 Type 2
System and Organization Control for Service Organizations (SOC) certifies that Aligned maintains the highest level of internal controls and safeguards relevant to security, availability and integrity of the systems used to process customer data, as well as the confidentiality and privacy of the information processed by these systems.
SOC 1 Type 2 reports on Aligned’s controls related to customers’ financial reporting. SOC 2 Type 2 builds on this financial reporting basis and also requires standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight.
NIST 800-53, published by the National Institute of Standards and Technology, promotes standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and documents security controls for all federal information systems (except those designed for national security).
Aligned’s data center infrastructure, technology and supporting applications meet NIST guidelines and standards, ensuring our federal government customers maintain the security and compliance required to comply with FISMA standards and mandates.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) protects sensitive patient data. Any data center that stores, transmits or processes electronic Protected Health Information (ePHI) must comply with standards and citations to meet HIPAA compliance.
Aligned’s physical data centers, network and process security measures comply with HIPAA requirements. We safeguard Protected Health Information (PHI), ensuring the security, privacy, availability and accessibility of data for our healthcare as well as other customers.
Aligned also signs Business Associate Agreements (BAAs) with our customers and their clients.
ISO 27001:2013 provides an internationally recognized best practice methodology for the implementation, management, maintenance, and continuous improvement of information security within an organization.
The certification demonstrates Aligned’s ability to manage sensitive company information including people, processes and IT systems. Aligned’s Information Security Management System (ISMS) conforms with documented ISO 27001 standards, ensuring system security.
M&O Stamp of Approval
Aligned’s M&O Stamp of Approval demonstrates organizational excellence across operations, risk management and efficiency.
Developed by the Uptime Institute, the M&O Stamp of Approval certifies that Aligned’s data centers are operated reliably and efficiently to support 24×7 uptime performance and minimize the risk of errors and failures that could derail digital business platforms.
The M&O Stamp of Approval validates Aligned’s critical facilities management and operations practices, encompassing staffing and organization practices, maintenance and operations activities, management, and upstream planning and decision-making.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that store, transmit or process any credit cardholder data.
Aligned data centers meet PCI DSS compliance standards, protecting sensitive cardholder data through physical, network and infrastructure security.
Aligned limits access to racks, suites, cages, and power and network infrastructure to authorized personnel only. Additional security measures across facilities encompass card reader access; 24x7x365 on-site security; mantraps; dual authentication (biometrics and badge readers); event-driven IP video surveillance; and visual light-based alerts.
Aligned’s fully redundant power and networks also ensure customers’ critical data and applications are always accessible.