Data Center FAQ: Vancouver, BC, CA
Q: Which laws and standards does the data center adhere to?
A: Payment Card Industry (PCI).
Q: Does the data center have a formal information security charter, policies, standards, and/or guidelines?
A: Yes, and it is reviewed periodically.
Q: What types of measures are taken to ensure a secure, trusted workforce?
A: None, because at the moment the team is currently only made up of a small group of people
Q: Is the data center capable of quickly applying software patches for new security vulnerabilities?
A: Yes. The data center maintains its own package repositories for its internal systems, running on Debian and FreeBSD. The data center subscribes to multiple security notification lists, and regularly run audit software to check for new vulnerabilities.
Q: Are information security standards such as CIS, NIST, and/or DoD STIG to harden every component of your IT infrastructure (operating systems, servers, firewalls, routers, hypervisors, etc)?
Q: Are formal policies and procedures in place for provisioning/terminating the data center employee user accounts, role based access, password strength, and user access/permissions?
A: No, though password strength/complexity is enforced.
Q: Is regular internal and external penetration testing, and vulnerability scanning on all external/internal applications conducted?
Q: Does the data center use industry standards like ISO, OWASP, NIST, CMMI, and/or BSIMM to build in security for your Systems/Software Development Lifecycle (SDLC)?
Q: Does the data center have formal Disaster Recovery and Business Continuity plans that are regularly reviewed and tested?
Q: Are physical security perimeters around the data center’s data centers (fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks and security patrols) implemented?
A: Yes, including keyscan access to the facility, twodoor man traps, security cameras, etc.
Q: Are physical protections against damage from natural causes, disasters, and deliberate attacks anticipated, designed and have countermeasures applied such as fire detection/protection systems, UPS, backup generators, etc?
A: Yes, including uninterruptible power supplies (UPS), diesel backup generators, and a twophase fire suppression system.