Simply put, a compliant data center is a data center that conforms to a set of regulatory rules, specifications, standards or laws. Conforming to mandated laws or standards to meet federal and commercial regulations requires a considerable investment in infrastructure, personnel and services. Because of that significant cost, many commercial or private data centers have not made the proper investment in the physical, environmental and operational controls and services needed to meet the minimum regulatory requirements. Most regulatory requirements map to industry best practices such as redundant power and cooling, intrusion detection, 24x7x365 monitoring and staffing, backups, and documented policy and procedures. IT security and information assurance professionals tasked with ensuring their information systems meet compliance requirements therefore have limited options when it comes to selecting a compliant data center.
A compliant data center is more than just redundant infrastructure. Infrastructure, intrusion detection and information systems must be monitored, maintained and protected 24x7 by data center personnel in a compliant manner. Documenting the policy and procedures that govern how data center personnel monitor, maintain and protect customer information systems is a key requirement in the compliance roadmap. This key requirement is what separates a compliant data center from a non-compliant data center. Most information systems with a compliance requirement will be subject to an onsite review by compliance auditors in order to validate what controls are in place. Failure to provide documented policy and procedures to compliance auditors can result in a non-compliance designation for a system.
There are, however, a few commercial hosting companies that specialize in delivering compliant data center infrastructure and services that map to federal and commercial regulations (FISMA, DIACAP, HIPAA, SOX, PCI and GLB), giving IT security and information assurance professionals options on where to host their information systems. These select few commercial hosting providers have made the investment in the critical infrastructure, tools, services and personnel required to achieve compliance. This gives information system owners a valid and cost-effective compliant option, without having to choose the cost-prohibitive alternative of upgrading their own internal infrastructure, personnel or services.