Compliance and Audit

Lumen knows that maintaining proper security and compliance programmes is critical to supporting and protecting our customers, meeting their compliance requirements, and meeting regulatory compliance and standards. We partner with external auditors to perform an assortment of annual assessments, which provide our customers with confidence in our security through attestations and certifications that meet stringent security and regulatory requirements.

There is no official federal certification required to prove an organization is HIPAA compliant. Lumen‑covered entities and business associates can self‑certify their compliance, which means certifying that they comply with HIPAA regulations.

Lumen uses an external auditor to perform an assessment and evaluate our HIPAA compliance on certain products and services. The assessment was performed against the HIPAA Security Rules and Breach Notification requirements.

For compliance‑related enquiries, please contact your authorised Lumen representative. If you are unaware of who your representative is, please visit our Contact Us page.

  • HIPAA Contact Centre Services (CCS) Report – Lumen
  • HIPAA Hosted Collaboration Solution (HCS) System Report – Lumen
  • HIPAA Technology Solution Services Report – Lumen

ISO 27001: International standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).


  • NIST Federal Controls Assessment Confirmation Letter – Lumen

Lumen provides services to many level 1 and level 2 merchants, credit card processing companies and other parties who must demonstrate PCI compliance in environments that use Lumen services. Our customers have used third‑party qualified security assessors (QSAs) to examine their PCI compliance leveraging Lumen services. These QSAs, in turn, have submitted Reports on Compliance (ROCs) that attest to our customers' adherence to the PCI‑DSS. Customers leveraging our existing certifications will benefit by reducing the duration and cost of their PCI audits.

Requestors may visit the Visa Global Registry of Service Providers at usa.visa.com or contact their authorised Lumen representative for confirmation of registration. If you are unaware of who your representative is, please visit our Contact Us page.


  • Lumen Colocation Services PCI‑DSS ROC Letter and AOC
  • Lumen Contact Centre Solutions (CCS) PCI‑DSS ROC Letter and AOC
  • Lumen iQ Private Port (iQPP) PCI‑DSS ROC Letter and AOC
  • Lumen Managed Firewall and NIDS PCI‑DSS ROC Letter and AOC
  • Lumen Managed Services Administration PCI‑DSS ROC Letter and AOC

Lumen uses and provides a standard response tool known as the Standardised Information Gathering (SIG) tool. The SIG questionnaire is a compilation of answers to industry information security questions which provide an insight as to how information technology and data security risks are managed across a broad spectrum of risk control areas within Lumen. As such, it addresses risk controls across 16 different risk areas. The robust set of questions contained in the SIG is reviewed and updated annually. Updates and revisions are based on referenced industry standards (FFIEC, ISO, COBIT, and PCI). New risk areas are added on a regular basis, with cloud services and mobile device security as examples of some of the more recent additions.


  • Lumen Standardised Information Gathering (SIG) tool

The Lumen SOC 1 programme is designed to provide customer assurance regarding controls at Lumen relevant to customers' internal controls over financial reporting. The SOC 2 programme provides customer assurance of the Lumen controls supporting the AICPA Trust Services criteria relevant to security, availability and confidentiality (where applicable).

The SOC 1 and SOC 2 reports were prepared using the SSAE 18 Standard (Standards for Attestation Engagements No. 18) for U.S. customers and the equivalent international standards (International Standards for Assurance Engagements No. 3402 for the SOC 1 report) to meet a broad base of customer needs.


  • SOC 1 Type 2 Lumen Adaptive Network Security Report
  • SOC 1 Type 2 Lumen Co-location North America and APAC Report
  • SOC 1 Type 2 Lumen Technology Solution Services Report
  • SOC 2 Type 2 Lumen Adaptive Network Security Report
  • SOC 2 Type 2 Lumen Colocation Services Report
  • SOC 2 Type 2 Lumen Managed Security Services Security Log Monitoring Report
  • SOC 2 Type 2 Lumen Edge Compute Platform Report
  • SOC 2 Type 2 Lumen Technology Solution Services Report