Best Practices for Physical Security and Controls in Data Centers

By TJ Karklins, Senior Vice President, zColo

Zayo’s zColo Data Centers Successfully Complete External Compliance Audits

Last week, our blog focused on the importance of cyber security in an environment of increased threats and vulnerability. Within a data center environment, physical security and rigorous controls are equally important. That’s why our zColo data centers enhanced our security and controls in 2017, conducted employee training and extended six major audits to all of our U.S. facilities.

We’ve worked hard to have multi-layer physical security, including biometrics, “man traps,” cabinet locks, dual authenticated customer access, and camera surveillance. In addition to physical security, we are also focused on defining and adhering to processes, controls, and training that are best-in-class.

The result: all 37 U.S. zColo data centers have successfully completed and been issued external compliance audits. It’s a 60 percent increase in the number of fully audited facilities, providing independent, third-party verification that our data centers meet the most stringent requirements.

The audits include:

  • SOC 1 Type 2: This Service Organization Control report, developed by the American Institute of Certified Public Accountants, describes an organization’s system and controls and delivers an opinion of their effectiveness.
  • SOC 2 Type 2: Provides a detailed assessment of controls in two key areas: security and availability.
  • SOC 3: A summarized version of SOC 2, which is available for customer and stakeholder review.
  • HIPAA: The Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information and patient health data. Rigorous compliance standards include physical security and controls, security incident procedures, contingency plans and employee awareness and training.
  • GLBA: The Gramm-Leach-Bliley Act establishes controls and transparency that apply to the financial services sector.
  • PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards to ensure that companies that process, store or transmit credit card information maintain a secure environment.

zColo is working to add FISMA Moderate to eight of our U.S. locations in Q1. FISMA Moderate is a key certification for U.S. Government data center outsourcing. We plan to have all of our domestic data centers certified by the end of 2018. In Europe, we’re moving forward aggressively with ISO 27001 compliance, which is a set of international standards for information security management.

All audit reports are available for our customers upon request.

TJ Karklins is senior vice president of the zColo business segment, responsible for strategy, operations and investment and financial performance of Zayo’s data center business. TJ’s career spans sales, finance and leadership roles in technology and international businesses. He began his career as an officer and aviator in the U.S. Army where he commanded helicopter units in the 4th Aviation Brigade. He is a Wharton Fellow and holds an MBA from the University of Denver and a Bachelor of Science degree from the University of Colorado.