See All 61 Security, Control, and Audit Points in Our Data Centers


March 1, 2023

PIN access and biometrics are just two of our data center security controls

How secure is your data center? In order to pass HIPAA and SSAE 16 Type II certifications, Green House Data has over sixty auditable security and compliance measures. Each compliant data center is audited once per year.

Some of the security measures are standard practice, while others had to be added to daily practices in some facilities in order to gain compliance. This list can help you get your data center up to speed – or see just how much effort goes into keeping server rooms monitored, secured, and fully auditable.

Control Areas - The Full List

Ref No. / Control Area / Control Specification

1.1 Policies and Procedures

The policies define common security and availability requirements for all Green House Data personnel and systems that create, maintain, store, access, process, or transmit information.

1.2 Policies and Procedures

Green House Data requires employees to read and sign the employee handbook, which includes an acceptable use policy indicating their willingness to comply with company policies and procedures.

1.3 Policies and Procedures

Each employee is required to attend a security awareness training session that also addresses availability on an annual basis.

1.4 Policies and Procedures

Responsibility for security and availability has been assigned to the Security and Compliance Administrator.

1.5 Policies and Procedures

It is the Security and Compliance Administrator’s responsibility to ensure that information security and availability policies are reviewed, updated as necessary, and approved for distribution.

1.6 Policies and Procedures

The security and data center availability obligations of employees are communicated within the information security and availability policies and annual Security Awareness training.

1.7 Policies and Procedures

Issues of non-compliance with policies are dealt with immediately and could ultimately result in termination.

1.8 Policies and Procedures

Green House Data has created a security risk analysis, updated periodically, that outlines potential risks related to the data center services provided to clients.

1.9 Policies and Procedures

Green House Data information security and availability policies provide for the identification of applicable laws, defined commitments, and service-level agreements.

1.10 Policies and Procedures

Green House Data has provided internal and external users with information on how to report security and availability failures, incidents, concerns and other complaints.

2.1 Organizational Management

Green House Data’s organization is structured into three primary areas, namely Engineering, Client Service, and Administration, so that client services are handled in the most timely and efficient manner possible.

2.2 Organizational Management

To increase the operational effectiveness of employees within this structure, every position has a job description so that individuals understand their responsibilities.

2.3 Organizational Management

This collaborative approach involves a number of activities, including frequent discussions between executive management and employees and other incentives that all work to align each individual’s job responsibilities with the organization’s directives.

2.4 Organizational Management

Applicants for full-time Green House Data employment are required to complete a successful background check, which includes confirming work experience, prior employment, academic diplomas and degrees, and any required licensure.

2.5 Organizational Management

New hires are required to review the Green House Data employee handbook and sign an agreement that states that they will abide by the company policies.

3.1 Physical Security

The data centers at Green House Data are protected through physically and logically secured card key systems and keypads or biometric locks 24/7/365.

3.2 Physical Security

Engineering at Green House Data monitors security surveillance cameras positioned at key locations within the facilities so that client assets are safeguarded.

3.3 Physical Security

Only authorized individuals who have access to the data centers can access the equipment within the cabinets.

3.4 Physical Security

Visitors to the data centers, including contractors, must sign the visitor log upon entry and must be accompanied at all times.

3.5 Physical Security

Engineering is notified when individuals no longer require access to the data centers. Upon notification, the security systems controlling the card keys, keypads, and biometrics are updated in order to revoke access rights to the data centers.

3.6 Physical Security

Access to each data center requires the specific approval of management responsible for the data center.

3.7 Physical Security

The results of the daily data center walkthroughs are documented in shift reports.

4.1 Logical Access

Access to Green House Data’s network and clients’ networks is controlled by Engineering and is restricted to authorized Green House Data employees.

4.2 Logical Access

A valid username and password are required to log into Green House Data’s network.

4.3 Logical Access

The network password policy configuration enforces an appropriate level of password complexity to help prevent unauthorized network access.

4.4 Logical Access

Both of these remote access methods utilize secure sockets layer (SSL) connections over a virtual private network (VPN) and require authorized users to authenticate with a username and password.

4.5 Logical Access

Network access requests must be approved by an appropriate member of management.

4.6 Logical Access

When an individual’s employment with Green House Data is terminated, a system administrator revokes the user’s access.

4.7 Logical Access

Administrator-level access privileges are restricted to only those individuals who require such access to perform their respective job functions.

5.1 Logical Access

By effectively utilizing VLANs, each client has their own dedicated virtual Internet Protocol (IP) network environment that is logically partitioned from all other client environments.

5.2 Logical Access

Client data and programs are on individual host and/or guest operating systems, which are configured to prevent access by other clients.

5.3 Logical Access

Each Washington data center client gets two Ethernet handoffs, and they are addressed only with their IP spaces.

6.1 Change Management

Green House Data has a detailed Change Management Policy and Procedure in place that addresses changes to all data center equipment, including network hardware and telecommunications devices.

6.2 Change Management

In Cheyenne, no hardware, software, furniture, shelving or other materials are removed from or added to the data centers without prior approval from the change management committee.

6.3 Change Management

At all Green House Data locations, all changes planned in the data centers are fully documented within a Green House Data Change Request Ticket. Changes in Cheyenne data centers are approved at the change management committee meeting held twice a week, every Tuesday and Thursday afternoon at 2:00 pm.

6.4 Change Management

If system changes impact clients or internal Green House Data employees, notification of the change is sent to the impacted parties in a timely manner.