Data Security and Certifications

Your data security is important to us. It is our policy to maintain the highest standards of physical and digital security for all customer data, hardware, and systems stored and managed within our facilities.

Our Data Center Partner

Our Data Center Partner (DCP) serves as our SADOS storage facility for customer data, servers, virtual private servers, and employee onboarding/offboarding provisioning of devices being prepared for shipment from storage. Our DCP’s security operates 24x7x365 with highly trained professionals who monitor network security, physical security, critical infrastructure, shipping and receiving lanes, and provisioning areas. Our DCP’s in-house security team also operates 24x7x365, providing lobby security and access control, facility-wide digital camera monitoring, and intrusion detection monitoring.

Compliance and Certifications

SOC 1 and SOC 2 Type II

Every year, SADOS works together with our DCP to complete SOC 1 and SOC 2 Type II audits with a nationally recognized accounting firm, with zero exceptions. We don’t just meet SOC 1 and SOC 2 standards; in most cases, we exceed them. DCP’s hardened physical security and audited process controls give our customers assurance that we take their hardware and data security seriously. The facility features a 5-step security apparatus including gated entry, TourLock security revolving doors, mantraps, retina scan door locks, and PIN code keypads to access the cage.

ISO 27001

ISO 27001 (ISO/IEC 27001:2013) is an international standard outlining best practices for an information security management system (ISMS), a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes.
The ISO 27001 designation is considered the global gold standard in information security, and it further validates DCP’s ability to design, build, and operate data centers suited for international information security requirements of hyperscale cloud and large enterprise customers.
DCP completed a thorough audit certified by a third-party CPA firm accredited through the ANSI-ASQ National Accreditation Board (ANAB) and United Kingdom Accreditation Service (UKAS). The auditors examined DCP’s ISMS, which governs their operations and data center controls. To earn certification, DCP was audited across an extensive set of controls, policies, procedures, and guidelines covering systematic examination of threats and vulnerabilities, implementation of a comprehensive suite of information security controls, and adoption of a process to ensure that information security controls continue to meet the organization’s needs on an ongoing basis.

PCI-DSS

DCP’s dedication to strict physical access controls and facility security gives our customers peace of mind that we proactively safeguard their consumer information. PCI DSS is a vital industry standard for the protection of sensitive cardholder data, and DCP hosts compliance tours and interviews with security staff in support of customer PCI DSS compliance verifications.
DCP’s PCI DSS 3.0 compliance assessment encompassed its entire portfolio of data center facilities, including the Ashburn, VA campus. All auditing and compliance documentation is available to customers upon request in support of their own compliance programs.
The PCI DSS is a comprehensive set of standards requiring merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls. It was created by the founding brands of the PCI Security Standards Council, including American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. DCP’s compliance assessments are performed by an independent Qualified Security Assessor (QSA) accredited by the PCI Security Standards Council.

NIST-800

DCP is committed to providing the security and compliance required to host federal government customers, federal systems integrators, and cloud service providers. DCP has implemented the NIST 800-53 high baseline controls necessary to support customers’ Federal Information Security Management Act (FISMA) compliance efforts. A third-party licensed CPA firm and FedRAMP-accredited 3rd Party Assessment Organization (3PAO) performed an attestation examination of DCP’s controls implementation.
DCP also completed a System Security Plan, a more than 300-page document detailing the implementation of applicable security practices required at the NIST 800-53 high level, providing confidence to government and government contracting firms seeking FISMA-high data center compliance.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to set national standards for the security and privacy of electronic protected health information (ePHI) in the healthcare and health insurance industries. The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of ePHI.
DCP engaged a top-tier third-party CPA firm to review its information security program and controls for compliance with the HIPAA Security Rule. Using attestation standards established by the American Institute of Certified Public Accountants (AICPA), the auditing firm found that DCP’s program meets or exceeds the standard and applicable implementation specifications for safeguards as defined by the HIPAA Security Rule. This gives healthcare and health insurance industry companies the confidence to run their critical IT systems within DCP’s campus.

Hardware Storage, Provisioning, Shipping, and Receiving

SADOS customers enrolled in our Employee Onboarding/Offboarding solutions receive identical storage security to our colocation customers. All hardware and devices, including but not limited to servers, firewalls, switches, access points, modems, routers, laptop computers, desktop computers, and mobile devices, are stored securely in our dedicated cage unit located in a secure vault at DCP’s Ashburn, VA campus. This allows our provisioning team to take advantage of accessible daily shipping and receiving schedules, secure provisioning areas, SOC 1 and SOC 2 class security, and convenient proximity to UPS, DHL, and FedEx air delivery operations at Washington Dulles International Airport.

Hardware Replacement Guarantee

SADOS will repair and replace hardware purchased by customers and protect it from damages, loss, or theft under our Replacement Guarantee commitment. Hardware must have been purchased with a valid warranty (refurbished hardware excluded) through our vendor network, and the customer must have an active paid device management plan to qualify.
