Data Center Security: How We Secure Data

RedFile Global works with two of the world’s leading cloud computing companies, Amazon Web Services, and Softlayer Technologies, Inc., to deliver secure capabilities for classification, attribute extraction, content enabling, electronic discovery processing, review, and hosting services.

These data center operations ensure the highest levels of enterprise facility (physical), applications, network and storage security. Certification and compliance achievements for data center operations include:

1) ISO-20000-1

2) ISO-27001

3) SSAE-16 SOC 1

4) SOC 2 (Service Organization Control)

5) HIPAA (Health Insurance Portability and Accountability Act)

6) U.S. -EU Safe Harbor 

7) FFIEC (Federal Financial Institutions Examination Council)

A short description of these important certification and compliance achievements is provided below.

ISO-20000-1 Certification

This certification reinforces the best practices of ITIL and demonstrate to our customers that we are process focused and dedicated to delivering world class IT services.

ISO-20000 is an international standard that is based on the best practices of ITIL. The ISO 20000-1 standard promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements. This standard provides a consistent approach by all service providers in a supply chain, benchmarks IT service management, is a basis for an independent assessment, demonstrates the ability to meet customer requirements, and is a framework to improve service. Our ISO policies and procedures are audited annually by our Service Improvement Team, and the ISO Certification Audit is performed by SRI Quality System Registrar every three years, with surveillance audits performed at 12-month intervals between re-certifications.  Learn more about ISO standards.

ISO-27001 Certification

This certification is the first international standard for IT information security management and is a security and risk based set of standards.

The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to them by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). Learn more about ISO/IEC 27001.

SSAE-16 SOC 1 Examination

This examination replaces SAS70 and is an assessment of controls applicable to financial services.

The SSAE-16 SOC 1 examination is designed to validate establishment and adherence to defined control environments and is conducted by an external CPA firm. This report is typically required customers’ financial auditors as part of their year-end financial reporting. The SSAE-16 report alleviates the need for a customer’s auditor to perform redundant testing for data center operations. Learn more about SOC 1.

SOC 2 (Service Organization Control 2) Examination

This examination reports on the controls at a service organization relevant to security, availability, processing, integrity confidentiality or privacy.

These examinations are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These examinations are performed using the AICPA Guide: Reporting onControls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls.

Similar to SOC 1 there are two types of reports: Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls. Learn more about SOC 2.

HIPAA (Health Insurance Portability and Accountability Act) Compliance

Compliance ensures implementation of physical, technical and administrative safeguards to deliver services in accordance with HIPAA/HITECH obligations.

HIPAA Security Rule is a national standard for the security of electronic protected health information, passed in 1996.

The HITECH Act was passed in 2009 which extended the HIPAA requirements to ‘business associates’, made the HIPAA requirements legally enforceable, added a notification of breach section, and added further access for the public to protected health information. Learn more about HIPAA/HITECH ACT.

U.S. -EU Safe Harbor Certification

The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union’s Directive on Data Protection.

The safe harbor is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor assures that EU organizations know that “adequate” privacy protection, as defined by the Directive, has been provided. Learn more about U.S. -EU Safe Harbor Compliance.

FFIEC (Federal Financial Institutions Examination Council) Audit

This 18-month rotational basis audit covers data center availability services.

The FFIEC publishes reports by each of its member agencies and each of them controls the distribution of their report. Learn more about the FFIEC.

Contact us today to learn more.