data centre

Security considerations when choosing a Data Centre

10th February 2014 Posted in cloud hosting

For some customers, the deciding factor when choosing a hosting or CoLocation partner comes down to the Data Centre facility in which their infrastructure will be managed. This blog gives a briefing of some key security components that make a great Data Centre.

Security

Industry standards and regulatory requirements have been the catalysts for Data Centre evolution, driving progress and ensuring process efficiency. brightsolid data centre’s are continuously assessed by external industry governing bodies as well as independent auditors chosen by individual customers on their demand. This is crucial as independent audits and industry standards ensure objectivity and optimal resilience. Therefore, customers are safe in the knowledge that the chosen facility is predisposed to host sensitive, confidential and critical data sets and IT infrastructures.

What to look for?

brightsolid holds ISO, Tier 3+ capacity, FPAL and Business Impact Level accreditations detailed below: these are key accreditations companies should look for when choosing a facility.

ISO give credit to facilities who meet their Quality Management, Environment Management and Information Security Management inspections and assessments. The awarding standards are;

ISO 9001:2008 – Quality Management Systems. Audits based on process systems and what type of infrastructure the organisation has in place to ensure sufficient efficiency and operational excellence.

ISO 14001 – Environmental Management. This ISO sets out the criteria for an environmental management system, this does not set out the requirements for environmental performance.

ISO 27001:2005 – Information Security Management System (ISMS). This is the standard most recognised within the Information Technology and Security industry. It sets out the code of practice required to keep 27001:2005 up to date and acts as the quality assurance system working to help identify and mitigate against risk. Ultimately, this accreditation provides customers with confidence in an organisations capabilities and responsibilities regarding security, resilience and responsibility.

Increasingly, UK Government departments demand technology products and services meet IL2 or IL3 (Business Impact Levels) of security. Business Impact Levels are aligned to Government security classifications;

IL0 = No impact, which may cause information or financial loss

IL1 = Unclassified or Non Protectively Marked

IL2 = Protected or Sub-National security Marking (“Best Commercial Practice”)

IL3 = Restricted or High level Government Information

IL4 = Confidential or National Security Governance: The brightsolid capability

IL5 = Secret or Critical Military National Security

IL6 = Top Secret, MI5

To receive a Business Impact Level 2 or 3 + accreditation, enterprises must pass the ISO 27k audit; brightsolid are ISO 27001 accredited with IL4 capability.

The Data Centre Tier system has 5 levels and credits data centre’s based on their resilience levels. brightsolid hold Tier 3+ as Tier 4 has been achieved for specific projects.

FPAL is a carefully chosen database of suppliers within Oil and Gas sector. FPAL assert a pre-qualification, criteria and performance evaluation as well as on-going monitoring tools that ensure buyers are selecting from only the most opporational excellent suppliers.