Information Security is a Big Concern to Us
Naturally, our clients and potential clients have serious concerns about their information being hosted online, and want to know the exact steps that are taken to protect their valuable data. We want to assure you that security is our number one priority for our users, and the information hosted in our application has never once been compromised. Continuing with our January FAQ series, we are tackling the extremely important topic: Information Security.
We will break out this subject into several different blog posts in order to cover the topic thoroughly, starting with answering FAQs around the physical security of our portal.
1. Where is the equipment hosted?
Rackspace is iOffice’s preferred partner for managed hosting services. iOffice has been hosting with Rackspace since 2005 and Rackspace consistently experiences 99.999 uptime with no security breaches.
2. Is the equipment hosting this application located in a physically secure facility, which requires badge access, at a minimum?
Yes. iOffice hosts with Rackspace for both data centers that are located in the US as well as the facility in the UK. Rackspace has deployed a multilayered physical security approach consistent with the requirements defined by the Industry Standards. Photo badges, proximity access cards, biometric devices, CCTV/DVR’s and alarms control access.
3. Can you describe the physical environment?
All Rackspace data centers are located in unmarked facilities to help maintain a low profile. In addition to security controls mentioned in #1 above, all Rackspace facilities utilized unarmed guard services which are present 24 hours a day, 7 days a week, 365 days a year. Roof and exterior walls of the Rackspace data centers are heavy duty rated at 130 mph with lightning grid on roof. All electrical and mechanical equipment is on 3 inch raised concrete pads. Backup generators are equipped with enough fuel to keep data center running for 4 to 5 consecutive days.
4. Who is authorized to enter any locked physical environment that houses customer’s application?
Rackspace does not provide traditional co-location hosting services. Consistent with ISO27002 and the scope of our SAS70 controls, Rackspace security requirements do not allow anyone on the Data Center floor except authorized Rackspace data center employees. Every Rackspace customer has their own private network infrastructure that is custom designed to meet each customer’s specific needs.
5. What personnel background checks do you perform?
All US employees, both Rackspace and iOffice, are screened prior to employment (verification of social security number, education check, employment check, criminal background check (local and Federal, felony and misdemeanor)). Background checks go back as far as 5 years; all data center employees are rechecked each year and are contracted out to ESS, Employment Screening Services in Plano, Texas.
All Rackspace employees are screened prior to employment including ‘right to work’ in the UK check; electoral roll check; identity check; employee history; reference check; and, dependent upon job function 9typicall customer facing functions), the following additional checks; educational/qualifications verification; Criminal Records Bureau (CRB) standard disclosure check: compliance check (including checks on sanction lists of applicable regulatory bodies); media search; and a credit check.
Identity Card and credit verification checks are performed for Rackspace employees. All employees are required to sign a confidentiality and non-disclosure agreement. Security training is mandatory during initial orientation. All customer data is considered confidential and is treated as such. It is mandatory that all data center employees will have annual mandatory high level background checks. This must e established with the Rackspace HR department and practices at all data centers.
It is required that US employees are subject to a background check, including social security, criminal record and background verification. The UK employees undergo Legal Right to live and work in the UK check, employment verification, education background verification (where applicable), and depending on the position, trade, criminal and/or credit verification.
Those are the top questions we get asked about the physical security of our portal application. Tomorrow, we will answer the FAQs regarding Network security. As always, if you have questions don’t hesitate to post in the comments and I will do my best to answer them for you.