COMPLIANCE & AUDIT
-
LUMEN LEGAL -
CENTURYLINK LEGAL -
LUMEN TRUST CENTER
Compliance & Audit
Lumen knows that maintaining proper security and compliance programs is critical to supporting and protecting our customers, meeting their compliance requirements, and meeting regulatory compliance and standards. We partner with external auditors to perform an assortment of annual assessments which provides our customers with confidence in our security through attestations and certifications that meet stringent security and regulatory requirements.
Where applicable, Lumen offers public-facing reports, certifications, and attestations through self-help or formal request. All are listed below:
Email ComplianceManagement@lumen.com to receive a copy of the document listed below.
- Cyber Essentials Certificate of Assurance - Lumen Technologies UK Ltd
Email ComplianceManagement@lumen.com to request a copy of any of the documents listed below.
- Cyxtera Colocation ISO 27001 Certificate
- Cyxtera Colocation SOC 1 Type 2 Bridge Letter – January
- Cyxtera Colocation SOC 1 Type 2 Report
- Cyxtera Colocation SOC 2 Type 2 Bridge Letter – January
- Cyxtera Colocation SOC 2 Type 2 Report
- Cyxtera NIST Federal Controls Assessment Confirmation Letter
- Cyxtera PCI Letter and Attestation of Compliance
There is no official federal certification required to prove an organization is HIPAA compliant. Lumen-covered entities and business associates can self-certify their compliance, which means certifying that they comply with HIPAA regulations.
Lumen uses an external auditor to perform an assessment and evaluate our HIPAA compliance on certain products and services. The assessment was performed against the HIPAA Security Rules and Breach Notification requirements.
Email ComplianceManagement@lumen.com to request a copy of any of the documents listed below.
- HIPAA Contact Center Services (CCS) Report – Lumen
- HIPAA Hosted Collaboration Solution (HCS) System Report – Lumen
- HIPAA Managed Enterprise Services (MES) Report – Lumen
- HIPAA State of AZ Managed Enterprise Services (MES) Report – Lumen
- HIPAA Technology Solution Services Report – Lumen.
ISO 20000 - UK: Lumen Technologies Ltd, UK, specifically holds and operates an IT Service Management System (ISMS) that complies with the requirements of ISO/IEC 20000-1:2018 for the following scope: Lumen Operations division service management system supporting the provision of managed hosting and managed services to global customers from UK locations. This is in accordance with the latest version of the Service Catalogue.
ISO 27001: International standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).
Email ComplianceManagement@lumen.com to request a copy of the document listed below.
- NIST Federal Controls Assessment Confirmation Letter – Lumen
Email ComplianceManagement@lumen.com to request a copy of the document listed below.
- OSPAR Report – Lumen
Lumen provides services to many level 1 and level 2 merchants, credit card processing companies and other parties who must demonstrate PCI compliance in environments that utilize Lumen services. Our customers have used third-party qualified security assessors (QSAs) to examine their PCI compliance leveraging Lumen services. These QSAs, in turn, have submitted Reports on Compliance (ROCs) that attest to our customers' adherence to the PCI-DSS. Customers leveraging our existing certifications will benefit by reducing the duration and cost of their PCI audits.
Requestors may visit the Visa Global Registry of Service Providers at usa.visa.com or contact ComplianceManagement@lumen.com for Lumen confirmation of registration.
Email ComplianceManagement@lumen.com to request a copy of any of the documents listed below.
- Lumen Colocation Services PCI-DSS ROC Letter and AOC
- Lumen iQ Private Port (iQPP) PCI-DSS ROC Letter and AOC
- Lumen Managed Enterprise Services PCI-DSS ROC Letter and AOC
- Lumen Managed Firewall and NIDS PCI-DSS ROC Letter and AOC
- Lumen Managed Services Administration PCI-DSS ROC Letter and AOC
- Lumen Network Integrated Cloud Contact Center Solutions (NICCCS) PCI-DSS ROC Letter and AOC
- Lumen Security Log Monitoring (SLM) Services PCI-DSS ROC Letter and AOC
PSN accreditation demonstrates to the UK government that the Lumen security policies and controls are sufficiently rigorous for us to interact with the Public Services Network in the UK and those connected to it.
- PSN Connection Compliance Certificate – Lumen Technologies UK Ltd – DNSP_0002
- PSN Connection Compliance Certificate – Lumen Technologies UK Ltd – GCN_0002
- PSN Connection Compliance Certificate – Lumen Technologies UK Ltd – SRV_0006
- PSN Connectivity Service Compliance Certificate – Lumen Technologies UK Ltd – DNSP_0002 – IP VPN Service
- PSN Connectivity Service Compliance Certificate – Lumen Technologies UK Ltd – GCN_0002 IP VPN Service
- PSN Service Provision Compliance Certificate – Lumen – SRV_0397 – Voice Complete Telephony (VCT)
- PSN Service Provision Compliance Certificate – Lumen Technologies UK Ltd – SRV_0006 IP VPN (PROTECT) Service
Lumen utilizes and provides a standard response tool known as the Standardized Information Gathering (SIG) tool. The SIG questionnaire is a compilation of answers to industry information security questions which provide an insight as to how information technology and data security risks are managed across a broad spectrum of risk control areas within Lumen. As such, it addresses risk controls across 16 different risk areas. The robust set of questions contained in the SIG is reviewed and updated annually. Updates and revisions are based on referenced industry standards (FFIEC, ISO, COBIT, and PCI). New risk areas are added on a regular basis, with cloud services and mobile device security as examples of some of the more recent additions.
Email ComplianceManagement@lumen.com to request a copy of the document listed below.
- Lumen Standardized Information Gathering (SIG) tool
The Lumen SOC 1 program is designed to provide customer assurance regarding controls at Lumen relevant to customers' internal controls over financial reporting. The SOC 2 program provides customer assurance of the Lumen controls supporting the AICPA Trust Services criteria relevant to security, availability, and confidentiality (where applicable).
The SOC 1 and SOC 2 reports were prepared using the SSAE 18 Standard (Standards for Attestation Engagements No. 18) for U.S. customers and the equivalent international standards (International Standards for Assurance Engagements No. 3402 for the SOC 1 report) to meet a broad base of customer needs.
Email ComplianceManagement@lumen.com to request a copy of any of the documents listed below.
- SOC 1 and SOC 2 Type 2 Lumen Technology Solution Services Bridge Letter
- SOC 1 Type 2 Lumen Adaptive Network Security Report
- SOC 1 Type 2 Lumen Colocation North America and EMEA Report
- SOC 1 and SOC2 Type 2 Data Center Colocation Services Bridge Letter
- SOC 1 Type 2 Lumen Technology Solution Services Report – April 1-March 31
- SOC 1 Type 2 Lumen Technology Solution Services Report – October 1-September 30
- SOC 2 Type 2 Lumen Adaptive Network Security Report
- SOC 2 Type 2 Lumen Cloud Application Manager Report
- SOC 2 Type 2 Lumen Colocation Services Report
- SOC 2 Type 2 Lumen Managed Security Services Security Log Monitoring Report
- SOC 2 Type 2 Lumen Technology Solution Services Report – April 1 - March 31
- SOC 2 Type 2 Lumen Technology Solution Services Report – October 1 - September 30
Not all products and services are available in all regions and countries; please contact a representative near you for details.
