Built For Designers & Developers

Data Center FAQ: London, UK

Q: Which laws and standards does the data center adhere to?

A: SOC2/SSAE16, CICA 5970, and Payment Card Industry (PCI).

Q: Does the data center have a formal information security charter, policies, standards, and/or guidelines?

A: Yes, and it is approved by senior management, communicated to employees, reviewed periodically, and published in a central repository.

 Q: What types of measures are taken to ensure a secure, trusted workforce?

A: Background checks are conducted on all employees, consultants, temporary workers, and external providers. Employees are also required to sign non­disclosure agreements, roles and responsibilities are all defined, and we provide ongoing information security and privacy awareness education for all new and existing employees. Disciplinary/termination processes and procedures also exist.

Q: Is the data center capable of quickly applying software patches for new security vulnerabilities?

A: Yes.

Q: Are information security standards such as CIS, NIST, and/or DoD STIG to harden every component of your IT infrastructure (operating systems, servers, firewalls, routers, hypervisors, etc)?

A: No.

Q: Are formal policies and procedures in place for provisioning/terminating the data center employee user accounts, role­based access, password strength, and user access/permissions?

A: Yes.

Q: Is regular internal and external penetration testing, and vulnerability scanning on all external/internal applications conducted?

A: Yes, for the PCI compliant production environment.

 Q: Does the data center use industry standards like ISO, OWASP, NIST, CMMI, and/or BSIMM to build in security for your Systems/Software Development Lifecycle (SDLC)?

A: No.

 Q: Does the data center have formal Disaster Recovery and Business Continuity plans that are regularly reviewed and tested?

A: Yes, there is a business continuity plan in place. There is not currently a disaster recovery plan in place.

 Q: Are physical security perimeters around the data center’s data centers (fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks and security patrols) implemented?

A: Yes, including biometric key cards, and a CCTV system.

 Q: Are physical protections against damage from natural causes, disasters, and deliberate attacks anticipated, designed and have countermeasures applied such as fire detection/protection systems, UPS, backup generators, etc?

A: Yes, including flood, fire, and power failure protection.