Simply put, a compliant data center is a data center that conforms to a set of regulatory rules, specifications, standards or laws. Conforming to mandated laws or standards to meet federal and commercial regulations requires a considerable investment in infrastructure, personnel and services. However, due to the significant cost, many commercial or private data centers have not made the proper investment in the physical, environmental and operational controls and services to meet the minimum regulatory requirements.
Most regulatory requirements map to industry best practices:
- Redundant Power and Cooling
- Intrusion Detection
- 24x7x365 Monitoring and Staff
- Backups and Documented Policy and Procedures
This is just the start. Here is an example of a compliant data center.
IT security and Information Assurance professionals tasked with ensuring their information systems meet compliance requirements have limited options when it comes to selecting a compliant data center. A compliant data center is more than just redundant infrastructure. Infrastructure, intrusion detection and information systems must be monitored, maintained and protected 24x7 by data center personnel in a compliant manner. Documenting the policy and procedures that govern how data center personnel monitor, maintain and protect customer information systems is a key requirement in being compliant. This key requirement is what separates a compliant data center from a non-compliant data center. Most information systems with a compliance requirement will be subject to an onsite review by compliance auditors in order to validate what controls are in place. Failure to provide documented policy and procedures to compliance auditors can result in a non-compliance designation for a system.
When looking for a compliant hosting provider, confirm that they have made the investment in critical infrastructure, tools, services and personnel required to achieve compliance. That investment gives information system owners a valid and cost-effective compliant option without having to choose the cost-prohibitive option of upgrading their internal infrastructure, personnel or services.
Also ask about HIPAA HITECH.