Data Center FAQ: Amsterdam, NL
Q: Which laws and standards does the data center adhere to?
A: SOC 2/SSAE 16 (formerly SAS 70 Type II), and EU Safe Harbor.
Q: Does the data center have a formal information security charter, policies, standards, and/or guidelines?
A: Yes, and it is approved by senior management, communicated to employees, reviewed annually, published in a central repository, and aligned aligned with industry standards such as ISO 27001/2, NIST, ITIL, and CoBIT.
Q: What types of measures are taken to ensure a secure, trusted workforce?
A: Background checks are conducted on all employees, consultants, temporary workers, and external providers. Employees are also required to sign nondisclosure agreements, roles and responsibilities are all defined, and we provide ongoing information security and privacy awareness education for all new and existing employees. Disciplinary/termination processes and procedures also exist.
Q: Is the data center capable of quickly applying software patches for new security vulnerabilities?
A: Yes, the data centers have a formal patch management program, and the capability to rapidly patch vulnerabilities across all of the computing devices, applications, and systems.
Q: Are information security standards such as CIS, NIST, and/or DoD STIG to harden every component of your IT infrastructure (operating systems, servers, firewalls, routers, hypervisors, etc)?
A: Yes, NIST 80053 is adhered to in most technology areas of the data centers.
Q: Are formal policies and procedures in place for provisioning/terminating the data center employee user accounts, rolebased access, password strength, and user access/permissions?
A: Yes.
Q: Is regular internal and external penetration testing, and vulnerability scanning on all external/internal applications conducted?
A: Yes.
Q: Does the data center use industry standards like ISO, OWASP, NIST, CMMI, and/or BSIMM to build in security for your Systems/Software Development Lifecycle (SDLC)?
A: Yes, NIST.
Q: Does the data center have formal Disaster Recovery and Business Continuity plans that are regularly reviewed and tested?
A: Yes.
Q: Are physical security perimeters around the data center’s data centers (fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks and security patrols) implemented?
A: Yes, in accordance with SOC2.
Q: Are physical protections against damage from natural causes, disasters, and deliberate attacks anticipated, designed and have countermeasures applied such as fire detection/protection systems, UPS, backup generators, etc?
A: Yes, in accordance with SOC2.