中華電信板橋雲端資料中心自2016年完工落成以來深獲許多國際型公司高度青睞及好評,為求不斷進步及提升客戶信任,在2019年成功取得由安永會計師事務所出具的SOC報告(Service Organization Controls Report)。SOC報告是美國會計師協會(AICPA)所訂定的報告形式,目的在藉由外部稽核驗證服務組織(包含資訊服務業者、雲端服務業者及金融服務業者等)所提供服務之安全控管程度及有效性,代表中華電信板橋雲端資料中心維運管理、資安政策的完整性及嚴格執行落實程度。
協助企業滿足法規規範 厚築風險管控防線
中華電信板橋雲端資料中心為全台第一座符合TIA-942 Rated 3及Rated 4認證的國際級資料中心,且陸續取得ISO 27001、PCI DSS等多項國內外認證及標章,從機房建築、電力、機械、電信、資安都有最嚴謹的標準及規範,以確保資料中心的永續運行。本次通過之SOC報告是依據AICPA鑑證業務準則公告第18號(SSAE No. 18)、國際鑑證業務準則第3402號(ISAE 3402)及信任服務原則第100節(Trust Services Principles, TSP Section 100)進行嚴格查核,查核項目超過200項,不僅可進一步展現中華電信於安全性及可用性的落實,更可協助進駐企業滿足法規規範、簡化各項風險管控的查核。
嚴格落實內部管控 建構永續維運資料中心
本次中華電信板橋雲端資料中心共取得SOC 1 Type 2及SOC 2 Type 2兩項報告認證, SOC 1係針對與財務報告相關之內部控制,SOC 2則著重於組織運作合規及風險控制;此外本次取得的Type 2報告形式為執行面驗證,不同於Type 1為設計面驗證(僅針對單個時間點進行查核),針對本次查核之安全性及可用性,於一段時間確認運作及管控機制設計、實施情況及執行有效性,藉以驗證服務及系統具備對未經授權存取行為的防護機制,且能依承諾維持服務及系統穩定運轉。中華電信板橋雲端資料中心自興建時即運用OM Ready (Operations & Maintenance Ready)的概念,從設計規劃階段即落實「永續維運的規劃設計理念」,並於施工時導入「全生命週期功能驗證」,本次驗證不僅再次證明中華電信專業機房設計及維運的專業能量,也是中華電信落實風險管控機制、資安規範的最佳體現。
Business Unit: Data Communications Business Group Marketing Office TEL: (02) 2344-4718 #331
Issuing Unit: Office of Public Affairs TEL: (02) 2344-3252
Date of issuance: 2020/1/9
Chunghwa Telecom Taipei IDC Successfully Attained the Service Organization Controls (SOC) Reports
Since its launch in 2016, Chunghwa Telecom Taipei IDC has become the first co-location choice for many international enterprises. To continuously improve the services and reliability towards clients, in 2019 it has successfully attained Service Organization Controls (SOC) Reports issued by Ernst & Young. Service Organization Controls (SOC) Reports are designed by American Institute of Certified Public Accountants (AICPA) to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. With the certified SOC Reports, Chunghwa Telecom Taipei IDC has confirmed the comprehensiveness of its security policy and the extent to which implementation is strictly enforced.
Assist enterprises in regulation compliance and risk management
Chunghwa Telecom Taipei IDC is the first international-standard data center in Taiwan that complies with TIA-942 Rated 3 and Rated 4 certifications, followed by more endorsements such as ISO 27001, PCI DSS, etc. From architectural, electrical, mechanical to telecommunication and information security aspects, these certifications can be confidently relied on by clients who are seeking top-quality co-location services. The SOC Reports, prepared in accordance with SSAE No. 18, ISAE 3402, and Trust Services Principles (TSP) Section 100, are executed with more than 200 control objectives among security and availability, revealing Chunghwa Telecom’s ambition to deliver sustained excellence in risk management and regulation compliance.
Construct a sustainable data center environment with strictly internal controls
In terms of report type, Chunghwa Telecom Taipei IDC has attained SOC1 Type 2 and SOC2 Type 2 reports this time. The verification of SOC 1 is related to internal controls over financial reporting, while SOC 2 is related to internal control reports over risks associated with the services of the organization. Other than Type 1 only focuses on a specified date, Type 2 evaluates the control objectives throughout a specified period, usually more than 6 months, keeping abreast of the times and developments. Chunghwa Telecom Taipei IDC has engaged in Operations & Maintenance Ready (OM Ready) concept since it was designed and built, fulfilling Sustainable Development and Commissioning Level of Life Cycle approaches from end to end.
The core belief of Chunghwa Telecom IDC services is that customers’ achievements are seen as our professional success. With this belief, Chunghwa Telecom embraces innovations and be devoted to refining its co-location services in every way to keep itself a top-quality data center provider in the world.
Customer Service Contact Number: 0800-080-365