Upcoming Webinar | The New Frontier of 2025 Compliance: Mastering GovRAMP, IN-RAMP, and the Mystery of FedRAMP 20x on Sept. 4th @ 1:00 PM ET

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
SOC Essentials for Early-Stage Companies
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
ISO 14001
ISO 45001
ISO 50001
Privacy Assessments
Privacy Assessments
Global CBPR & PRP Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
DoD IL6
Healthcare Assessments
Healthcare Assessments
HITRUST Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Red Teaming
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
AI Red Teaming
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

«  View All Posts

Why the AI Action Plan Is a Wake-Up Call for Data Center Compliance Blog Feature
Avani Desai

By: Avani Desai

Print/Save as PDF

Why the AI Action Plan Is a Wake-Up Call for Data Center Compliance

SOC Examinations | Artificial Intelligence | SOC 2

Published: Aug 4, 2025

Have you read the recently released America’s AI Action Plan yet? If so, you know that it’s full of ambitious goals to strengthen the country’s leadership in artificial intelligence. For me, one part in particular stood out immediately, the White House issued a clear call to action to the data center industry. 

Yes, the AI Action Plan sets a clear national directive: accelerate data center development to support AI workloads, especially those tied to national priorities. Accomplishing this will require fast-tracking permitting, upgrading energy infrastructure, and aligning with emerging standards from the Department of Defense, NIST, and other regulatory bodies. 

Proving that existing and future facilities which will need to be built to support these national needs are secure, resilient, and compliant will be key, as that assurance is what customers and agencies will require before entrusting them with sensitive AI models and data. As demand grows for compute environments that support AI at scale, so too will the need for third-party validation.  

That’s where SOC reporting comes in. 

Why is SOC Reporting Important for Data Centers? 

SOC 2 and SOC for Cybersecurity have become the leading frameworks for demonstrating security maturity across data center operations. Notably, these reports help address the critical questions that end users need validated, including: 

  • Are your access controls tested? 
  • Is your network architecture resilient? 
  • Can your teams respond to incidents, recover quickly, and maintain business continuity? 

For regulators, cloud customers, and government buyers, SOC reports are not just documentation—they serve as actual proof. 

How Schellman Can Help You Prepare for Secure AI Scaling 

At Schellman, we can help you prove your infrastructure is secure. We’re already working with 7 of the top 10 data center operators in the U.S., and we don’t just assess their facilities—we understand how they operate. We can leverage our deep experience in evaluating physical and logical controls across power, HVAC, access, connectivity, and more to help you, too.

Here are the different ways in which Schellman can support compliance for data centers across the country: 

  • SOC 2 and SOC for Cybersecurity reporting 
    We perform assessments that validate your security posture and operational controls, which are essential for gaining trust in an AI infrastructure world. 
  • Readiness assessments and gap analysis 
    We help identify what’s working, what’s missing, and how to build a roadmap to meet the bar before you start the process of a formal audit. 
  • Control testing and verification 
    We assess everything from physical access logs to firewall configurations to patching processes to ensure your controls work as designed. 
  • Third-party vendor assurance 
    We help you evaluate risk and demonstrate oversight in your environment, whether you host other cloud providers or rely on critical vendors instead. 
  • Resilience and availability assessments 
    We help validate that your operational resilience plan is not just written, but tested, tracked, and effective.  

Achieving a More Secure AI Future – For Data Centers and Beyond 

As the country continues to scale secure AI infrastructure, data centers are being asked to do their part. They’re no longer just part of the tech stack—data centers are becoming the foundation of America’s AI future. With that role comes more responsibility, more visibility, and yes, more scrutiny. 

To thrive, operators will need to do more, build more compute power, establish more resilience, and most importantly, create more trust. America’s AI Plan isn’t just a call to action; it’s an opportunity all data centers can now seize. 

Here at Schellman, we’ve proven we know how to help organizations navigate evolving security and compliance expectations like the ones recently set out by the White House. We’re ready to help you step up and lead with transparency and security so that you can differentiate your business in a crowded space and meet this moment with confidence. Contact us today to learn more. 

In the meantime, discover helpful SOC reporting insights in these additional resources:  

About Avani Desai

Avani Desai is the CEO at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.