Managing security and compliance in a data center

A secure and reliable data center: is it just a building with locked doors and multiple cooling and power facilities? Is it about showing ISO certificates or is managing security and compliance also about managing the privacy of clients, creating a safe area to work, delivering top quality and making sure that clients are online at all times?

Clients store systems that contain personal information, financial data and/or process data that are necessary to meet their business goals. Therefore, data centers must deliver power, cooling and connectivity without interruptions. They also need to deliver a secure area that prevents unauthorized access to IT systems. Of course, several risks can have a negative impact on these objectives, and a data center must mitigate them.

Certifications

Every data center can explain and demonstrate which measures are taken to convince clients that the data center environment is safe, secure and reliable. Designing and implementing measures to meet the data center’s objectives is a generic process and basic elements in delivering security and quality are described in frameworks. However, to actually prove that a data center meets its objectives, certification is advised.

ISO 27001 and ISO 9001 are two of the key certificates to demonstrate that processes within a company meet the generally accepted ISO standards regarding quality and information security. The ISO standards prove that a company is aware of information security and quality and show that management objectives are met.
Another important certification regarding information security is PCI-DSS. The PCI-DSS framework provides best practices regarding security controls and the certification provides assurance that appropriate security measures are met. PCI-DSS also proves that highly sensitive information is processed securely.

Besides certifications like ISO and PCI, an assurance report like ISAE 3402, SSAE 16 and/or SOC 2 can confirm the effectiveness of controls over the past period. For a data center, the assurance report will focus on controls related to the delivery of secure housing and reliability in power, cooling and connectivity.

Regulations

To create a secure environment, a data center collects information concerning physical access, including biometric information. This information is collected via security cameras, access registration, client registration, et cetera. All of this information relates to the privacy of visitors. It is important that privacy-sensitive data is handled with confidentiality and integrity. Therefore, appropriate security measures must be taken. Several new regulations, including the Dutch ‘Wet Bescherming Persoonsgegevens’ (WBP) and the ‘General Data Protection Regulation’ (GDPR), require organizations to design security measures to mitigate the risk of unauthorized access to personal information and to prevent abuse of personal information. Delivering a secure data center demands collecting information that may contain personal information. A data center should not only provide a secure and reliable space for its clients, it should also make sure that all collected information is secured against abuse.

At Datacenter.com, we care about our customers’ privacy and assets. We understand that our customers’ critical processes and data need to be handled with special care. Confidentiality and integrity are very important and the IT infrastructure needs to be available at all times. It is our responsibility to take all the necessary measures to guarantee maximum security, privacy and availability. The processes we have implemented are in accordance with the latest best practices and frameworks. To prove how much we care, we are certified with ISO 9001, ISO 27001 and PCI-DSS. Additionally, we deliver an assurance report (ISAE 3402) that demonstrates that our controls regarding security, privacy and availability operate effectively. We also care about our environmental responsibilities. Therefore, we designed controls according to ISO 14001 and got certified.

Do you have questions or remarks? Contact our Security & Compliance Manager Jouke Albeda.
