See All 61 Security, Control, and Audit Points in Our Data Centers
How secure is your data center? In order to pass HIPAA and SSAE 16 Type II certifications, Green House Data has over sixty auditable security and compliance measures. Each compliant data center is audited once per year.
Some of the security measures are standard practice, while others had to be added to daily practices in some facilities in order to gain compliance. This list can help you get your data center up to speed – or see just how much effort goes into keeping server rooms monitored, secured, and fully auditable.
Control Areas - The Full List
Ref No. | Control Area | Control Specification
1.1 Policies and Procedures
The policies define common security and availability requirements for all Green House Data personnel and systems that create, maintain, store, access, process, or transmit information.
1.2 Policies and Procedures
Green House Data requires employees to read and sign the employee handbook, which includes an acceptable use policy indicating their willingness to comply with company policies and procedures.
1.3 Policies and Procedures
Each employee is required to attend a security awareness training session that also addresses availability on an annual basis.
1.4 Policies and Procedures
Responsibility for security and availability has been assigned to the Security and Compliance Administrator.
1.5 Policies and Procedures
It is the Security and Compliance Administrator’s responsibility to ensure that information security and availability policies are reviewed, updated as necessary, and approved for distribution.
1.6 Policies and Procedures
The security and data center availability obligations of employees are communicated within the information security and availability policies and annual Security Awareness training.
1.7 Policies and Procedures
Issues of non-compliance with policies are dealt with immediately and could ultimately result in termination.
1.8 Policies and Procedures
Green House Data has created a security risk analysis, updated periodically, that outlines potential risks related to the data center services provided to clients.
1.9 Policies and Procedures
Green House Data information security and availability policies provide for the identification of applicable laws, defined commitments, and service-level agreements.
1.10 Policies and Procedures
Green House Data has provided internal and external users with information on how to report security and availability failures, incidents, concerns and other complaints.
2.1 Organizational Management
Green House Data’s organizational structure is organized into three primary areas, namely Engineering, Client Service, and Administration, so that client services are handled in the most timely and efficient manner possible.
2.2 Organizational Management
To increase the operational effectiveness of employees within this structure, every position has a job description so that individuals understand their responsibilities.
2.3 Organizational Management
This collaborative approach involves a number of activities, including frequent discussions between executive management and employees and other incentives that all work to align each individual’s job responsibilities with the organization’s directives.
2.4 Organizational Management
Applicants for full-time Green House Data employment are required to complete a successful background check, which includes confirming work experience, prior employment, academic diplomas and degrees, and any required licensure.
2.5 Organizational Management
New hires are required to review the Green House Data employee handbook and sign an agreement that states that they will abide by the company policies.
3.1 Physical Security
The data centers at Green House Data are protected through physically and logically secured card key systems and keypads or biometric locks 24/7/365.
3.2 Physical Security
Engineering at Green House Data monitors security surveillance cameras positioned at key locations within the facilities so that client assets are safeguarded.
3.3 Physical Security
Only authorized individuals who have access to the data centers can access the equipment within the cabinets.
3.4 Physical Security
Visitors to the data centers, including contractors, must sign the visitor log upon entry and must be accompanied at all times.
3.5 Physical Security
Engineering is notified when individuals no longer require access to the data centers. Upon notification, the security systems controlling the card keys, keypads, and biometrics are updated in order to revoke access rights to the data centers.
3.6 Physical Security
Access to each data center requires the specific approval of management responsible for the data center.
3.7 Physical Security
The results of the daily data center walkthroughs are documented in shift reports.
4.1 Logical Access
Access to Green House Data’s network and clients’ networks is controlled by Engineering and is restricted to authorized Green House Data employees.
4.2 Logical Access
A valid username and password are required to log into Green House Data’s network.
4.3 Logical Access
The network password policy configuration enforces an appropriate level of password complexity to help prevent unauthorized network access.
4.4 Logical Access
Both of these remote access methods utilize secure sockets layer (SSL) connections over a virtual private network (VPN) and require authorized users to authenticate with a username and password.
4.5 Logical Access
Network access requests must be approved by an appropriate member of management.
4.6 Logical Access
When an individual’s employment with Green House Data is terminated, a system administrator revokes the user’s access.
4.7 Logical Access
Administrator-level access privileges are restricted to only those individuals who require such access to perform their respective job functions.
5.1 Logical Access
By effectively utilizing VLANs, each client has their own dedicated virtual Internet Protocol (IP) network environment that is logically partitioned from all other client environments.
5.2 Logical Access
Client data and programs are on individual host and/or guest operating systems, which are configured to prevent access by other clients.
5.3 Logical Access
Each Washington data center client gets two Ethernet handoffs, and they are addressed only with their IP spaces.
6.1 Change Management
Green House Data has a detailed Change Management Policy and Procedure in place that addresses changes to all data center equipment, including network hardware and telecommunications devices.
6.2 Change Management
In Cheyenne, no hardware, software, furniture, shelving or other materials are removed or added to the data centers without prior approval from the change management committee.
6.3 Change Management
At all Green House Data locations, all changes planned in the data centers are fully documented within a Green House Data Change Request Ticket and changes in Cheyenne data centers are approved at the change management committee meeting held twice a week, every Tuesday and Thursday afternoon at 2:00 pm.
6.4 Change Management
If system changes impact clients or internal Green House Data employees, notification of the change is sent to the impacted parties in a timely manner.
7.1 Environmental Controls
Proper temperature and humidity are maintained throughout the Cheyenne data centers using sensor-controlled CRAC and IDE units.
7.2 Environmental Controls
In the Washington data centers, there are CRAC units at all locations and the temperature is monitored by NOC personnel on an ongoing basis.
7.3 Environmental Controls
The Cheyenne data centers are equipped with air particle detection equipment that detects smoke, dust, moisture, or other particulates that could harm equipment.
7.4 Environmental Controls
The original Cheyenne 01 data center is equipped with a Novec 1230 fire suppression system, and the Cheyenne 02 data center and the three Washington data centers utilize a pre-action sprinkler system.
7.5 Environmental Controls
The data centers use a combination of UPS systems and diesel generators to supply sufficient power in the event of a power outage from the electric utility.
7.6 Environmental Controls
Environmental systems are monitored at all times within the NOC.
7.7 Environmental Controls
A Green House Data employee is on call at all times and receives a page or text when an incident occurs.
7.8 Environmental Controls
HVAC, UPS, diesel generator, and fire suppression equipment is maintained on a regular basis to keep the equipment in proper functioning order.
8.1 Systems Monitoring
Green House Data’s Engineering staff utilize network monitoring tools to continuously monitor all aspects of the network for Internet connectivity problems or other irregularities that could disrupt the service provided to clients.
8.2 Systems Monitoring
In Cheyenne, alerts are displayed on large panel monitors located within Engineering, and in all locations, alerts are sent via email to a defined distribution list, via text message, and via page to the on-call employee.
8.3 Systems Monitoring
For problems that cannot be addressed immediately, a ticket is opened and the appropriate engineer is assigned to correct the problem.
8.4 Systems Monitoring
Problem tickets are continuously monitored by management to ensure problems are addressed in a timely manner, resolutions are documented, and the ticket is closed.
9.1 Performance and Availability
Formal procedures have been developed for the monitoring of system performance and availability, and the escalation of system-related problems.
9.2 Performance and Availability
Green House Data’s Engineering team monitors its systems 24/7/365 to maximize performance, preserve the integrity of the systems, and maintain systems availability.
9.3 Performance and Availability
Computer systems are monitored for CPU, memory, network, and disk utilization as well as network availability using active monitoring systems that alert Engineering upon reaching configured thresholds for certain metrics.
9.4 Performance and Availability
Green House Data’s systems are configured to notify Engineering via an alert in the event certain system performance and availability threshold metrics are met.
9.5 Performance and Availability
For alerts that need to be addressed, a ticket will be created and dealt with by Engineering in a timely manner.
10.1 Client Provisioning
The agreement detailing the terms and conditions of the services to be rendered is signed and returned by the client.
10.2 Client Provisioning
The technical specification documents contain detailed requirements information based on the client’s particular needs.
10.3 Client Provisioning
Based on the order requirements, an engineer sets up the services for the client using defined templates stored within the ticketing system to promote consistency and accuracy in the delivery of services.
10.4 Client Provisioning
Data center personnel will take a copy of photo identification for any client personnel that require access to the data center. Clients are also required to review, complete, and sign the necessary access forms to receive a card key, access codes, and cabinet key.
11.1 Network Device Security
The Green House Data network is built on multiple layers of routers, switches, and firewalls that are used in managing network traffic and are, therefore, critical in managing clients’ network and system security and availability.
11.2 Network Device Security
Access to all of the network devices on the Green House Data network is managed through the use of ACLs and rule sets that restrict device access to individuals accessing the devices from explicitly authorized IP addresses on the Green House Data network.
11.3 Network Device Security
In addition, access to configure network devices is restricted to authorized individuals only.
11.4 Network Device Security
An application runs each hour and performs a differential comparison of the configurations on all network devices and sends alerts to System Administrators when changes are made.
Phew! If you've made it this far and haven't found a security, monitoring, deployment, or compliance measure you need for your IT infrastructure, just reach out and we can make it happen. Custom deployments are standard at Green House Data. You can also read more about our security measures, compliance standards, and data centers to get more detailed information.