What is a Compliant Data Center?
Simply put, a compliant data center is a data center that conforms to a set of regulatory rules, specifications, standards or laws. Conforming to mandated laws or standards to meet federal and commercial regulations requires a considerable investment infrastructure, personnel and services. However, due to the significant cost, many commercial or private data centers have not made the proper investment in the physical, environmental and operational controls and services to meet the minimum regulatory requirements. Most regulatory requirements map to industry best practices such as redundant power and cooling, intrusion detection, 24x7x365 monitoring and staff, backups and documented policy and procedures. IT security and Information Assurance professionals tasked with ensuring their information systems meet compliance requirements, have limited options when it comes to selecting a compliant data center.
A compliant data center is more than just redundant infrastructure. Infrastructure, intrusion detection and information systems must be monitored, maintained and protected 24x7 by data center personnel in a compliant manner. Documenting the policy and procedures that govern how data center personnel monitor, maintain and protect customer information systems is a key requirement in the compliance roadmap. This key requirement is what separates a compliant data center from a non-compliant data center. Most information systems with a compliance requirement will be subject to an onsite review by compliance auditors in order to validate what controls are in place. Failure to provide documented policy and procedures to compliance auditors can result in a non-compliance designation for a system.
There are however, a few commercial hosting companies that specialize in delivering compliant data center infrastructure and services that map to federal and commercial regulations (FISMA, DIACAP, HIPAA, SOX, PCI and GLB) giving IT Security and information assurance professionals options on where to host their information system. This select few commercial hosting providers have made the investment in critical infrastructure, tools, services and personnel required to achieve compliance giving information system owners a valid and cost-effective compliant option without having to choose the cost prohibitive option of upgrading their internal infrastructure, personnel or services.
[ Authors ]
- Jon Greaves (44)
- Brian Winter (2)
- Carpathia Hosting (17)
- Paul Roberts (3)
- Teejay Riedl (5)
- Tim Burke (1)
- Rich Thompson (2)
[ Categories ]
[ Archives ]
Archives
- July 2012
- June 2012
- April 2012
- March 2012
- February 2012
- December 2011
- October 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- February 2010
- January 2010
- December 2009
- November 2009
- September 2009
- August 2009
- June 2009
- May 2009
- March 2009
- January 2009
- January 2008
Write a comment
Posts: 24
Reply #24 on : Sun December 09, 2012, 19:04:47
Posts: 24
Reply #23 on : Sun October 07, 2012, 06:06:49
Posts: 24
Reply #22 on : Sun October 07, 2012, 01:23:40
Posts: 24
Reply #21 on : Thu September 13, 2012, 02:25:15