Platform Security and Hardening

This article outlines the policies and procedures followed by Equinix to protect your equipment and data.

The following teams and programs review, evaluate and enhance Equinix security practices:

  1. Audits and Compliance – We formally comply with various industry standards, such as ISO 27001, SSAE16, and PCI DSS. Audit attestations and certificates are provided by qualified third-party auditors. These auditors coordinate activities with various business and technology teams like Business Assurance Services, Internal Audit, and Operations.

  2. Information Security Team – Working closely with the legal organization, this team is charged to follow global and business unit guidelines to help ensure compliance with local and federal laws and regulations.

  3. Information Security Policies – The Information Security team administers and enforces a comprehensive set of confidential internal information that is reviewed and endorsed by senior management. This team ensures that the internal policies are global in scope, with a special focus on country-specific and region-specific laws, regulations, and business requirements.

    Areas covered by these internal security policies include:

    • Acceptable use of technology

    • Anti-virus and malware

    • Data backup and retention

    • Data classification, labeling, and handling

    • Logical access

    • Passwords

    • Patch management

    • Mobile devices

    • Personal computers

    • Remote access and VPN

    • Social Media

Note: These internal policies are rigorously enforced. They are reviewed annually to establish their continued relevance and accuracy. New policies are introduced as needed.