A secure and reliable data center: is it just a building with locked doors and multiple cooling and power facilities? Is it about showing ISO certificates or is managing security and compliance also about managing the privacy of clients, creating a safe area to work, delivering top quality and making sure that clients are online at all times?
Clients store systems that contain personal information, process data, financial data and/or process data that are necessary to meet their business goals. Therefore, datacenters must deliver in power, cooling and connectivity without interruptions. They also need to deliver a secure area that prevents unauthorized access to IT systems. Of course, there are several risks that can have a negative impact on these objectives that a datacenter must mitigate.
Every data center can explain and demonstrate which measures are taken to convince clients that the data center environment is safe, secure and reliable. Designing and implementing measures to meet the data center’s objectives is a generic process and basic elements in delivering security and quality are described in frameworks. However, to actually prove that a data center meets its objectives, certification is advised.
The ISO 27001 and ISO 9001 are two of the key certificates to demonstrate that processes within a company meet the general accepted ISO standards regarding quality and information security. The ISO standards prove that a company is aware of information security and quality and shows that management objectives are met.
Another important certification regarding information security is PCI-DSS. The PCI-DSS framework provides best practices regarding security controls and the certification provides assurance that appropriate security measures are met. PCI-DSS also proves that highly sensitive information is processed securely.
Besides certifications like ISO and PCI, an assurance report like ISAE3402, SSAE16 and/or SOC2 can confirm the effectiveness of controls over the past period. For a data center the assurance report will focus on controls related to the delivery of secure housing and reliability in power, cooling and connectivity.
To create a secure environment, a data center collects information concerning physical access, including biometric information. This information is collected via security cameras, access registration, client registration etcetera. All information is interrelated with the privacy of the visitors. It is important that privacy sensitive data is handled with confidentiality and integrity. Therefore, appropriate security measures must be taken. Several new regulations, including the Dutch ‘Wet Bescherming Persoonsgegevens’ (WBP) and the ‘General Data Protection Regulation’ (GDPR), demand organizations to design security measures to mitigate the risk of unauthorized access to personal information and to prevent abuse of personal information. Delivering a secure data center demands collecting information that may contain personal information. A data center should not only provide a secure and reliable space for its clients, it should also make sure that all collected information is secured against abuse.
At Datacenter.com, we care about our customers’ privacy and assets. We understand that our customers’ critical processes and data needs to be handled with special care. Confidentiality and integrity is very important and the IT Infrastructure needs to be available at all time. It is our responsibility to take all the necessary measures to guarantee maximum security, privacy and availability. The processes we have implemented are in accordance with the latest best practices and frameworks. To prove how much we care, we are certified with ISO 9001, ISO 27001 and PCI-DSS. Additionally, we deliver an assurance report (ISAE 3402) that demonstrates that our controls regarding security, privacy and availability operate effectively. We also care about our environmental responsibilities. Therefore, we designed controls according ISO 14001 got certified.
Do you have questions or remarks? Contact our Security & Compliance Manager Jouke Albeda.