Data Centre Security
Backup Policy and Retention
Each server is backed up on a daily basis to a central disk array in an offsite data centre.
Each backup is held on a rolling 7 day retention policy, providing the ability to restore any file from the last 7 days.
The backup is taken using a VSS snapshot to ensure consistent data from VSS aware applications such as Microsoft SQL Server.
Separate backups of PostgreSQL Server databases are also held locally for 7 days to allow for a fast restore.
Backups are held in a proprietary format.
Data is replicated to an offsite location so it can be used to restore data to a secondary server, or provide server archives in the event of a catastrophic disaster at the primary site.
Disaster Recovery Scenario
Should the primary site suffer a catastrophic failure or event, we maintain a second presence which is linked to the primary site.
This site is used to host offsite services to help maintain our availability in the event of such a disaster.
A copy of backup data from within the last 7 days is held at this location, which can be provided as a restore to a fresh server on the internet, or as a data archive.
Our hosting services are fully insured against any terrorist event, and should such a scenario occur we would immediately put the recovery procedure into place:
1. Restore of core network and system functionality in secondary site:
Routing and network connectivity.
Network security and firewalling.
Verifying offsite services (DNS/backup mail/customer contact systems)
2. Procurement of replacement customer servers and restore of data for managed backups.
Sourcing and commissioning systems.
Install of software and restore of data.
Test and sign off each system.
All support and telephone systems are hosted offsite to ensure full contact should such an event occur.
For the restoration of services, a 4 hour SLA applies for such an event.
Data Centre (Physical Server Security)
PHYSICAL SERVER SECURITY
Our primary site benefits from high level infrastructure and tight security procedures to ensure the security of physical machines at the site.
The data centre has full ISO 9001 and ISO 27001 accreditation.
The systems are housed within locked rack enclosures, with only authorised individuals provided access.
DATA CENTRE SECURITY
Independent client card identification access system.
Secure & monitored single-person point of entry, physically guarded 24/7 and integrated digital video camera surveillance.
Proximity card access will be provided from the main Data Centre building and will be issued to specific facilities management suites.
Strict security processes in place to ensure delivery and loading of goods are secure.
CCTV coverage for the perimeter, common areas and facilities management suites.
Protected perimeter fence, which is fitted with intruder sensing.
Secure access procedures to ensure you and your nominated staff gain authorised access to the facility whenever you require, day or night.
Data Centre (Power, Fire Suppression & Cooling)
6 independent 11 kV three-phase electrical supplies are provided from 3 separate national grid substations.
Standby Generation is provided at N+1 redundancy via diesel engine driven generators.
On-site fuel is stored to maintain full load operation for all generator sets for continuous running of 24 hours.
Backup deliveries are available from diverse supply depots.
ELECTRICAL POWER SUPPLY
Uninterruptible Power Supply System (UPS) is available to provide N+1 redundancy for critical computer supplies.
The UPS can support the facility for 15 minutes at full load, whilst switching to alternate supply, or standby generation start-up/synchronization takes place.
Data Centre areas are to be fitted with a fully addressable two stage fire detection system that monitors the under floor and the room.
Detectors with 50% mix of optical and ionisation are to be installed split across 2 separate zonal-loops, to meet BS 5839, 6266, 5445 and 5588.
Very early smoke detection alarms (VESDA) are installed throughout the facility.
Dry sprinkler fire detection system to meet BS 5306, 3115 and with LFEPA approval.
Whilst dry sprinkler is the main fire suppression method employed, gas suppression areas may be available for dedicated tenancy areas.
The planned systems are designed to minimise any possible customer disruption and to ensure that any minor problems remain localised.
6 x 2.7MW chillers N+2 configuration.
Room Air Conditioning Units (RACUs) to provide down flow chilled water system at N+25%.
RACU with bunded floor area and water leakage detection and monitoring.
Hot aisle/cold aisle zone design.
800mm raised floor design with airflow space to provide the most efficient cooling.
Free cooling operation in winter.
Maximum external ambient temperature of 35 degrees Celsius dry bulb.
The in-room units will provide a full function, closed control air conditioning, with cooling, humidity and de-humidification control.
Data Centre (Internal Change Procedures, Firewalls & Monitoring)
INTERNAL CHANGE PROCEDURES
Physical access is restricted to designated members of staff, and approved contractors for any maintenance of the physical servers or attached systems.
Network access is restricted to designated members of staff and approved contractors. Network devices are secured with passwords, and access is further restricted to defined networks.
Server access is restricted to designated members of staff, each with individual logins to track access and the ability to lock a staff member out quickly should they no longer be involved with that system.
Access to servers is also restricted to certain networks, with encrypted VPN access used from outside these approved networks.
Staff member logins are removed, and any common passwords changed within 3 days of them leaving the company.
At the end of a system's useful life it is disposed of by recycling the physical components and fully destroying all hard disks using an approved data destruction contractor.
The disk destruction can be tracked, and certificates provided upon request to prove secure destruction.
Protected by two FortiGate IPS units, which operate as one system.
Should one unit fail, the other unit will take over its operations with no loss in service, providing maximum reliability while filtering any malicious traffic destined for your system.
IPS (Intrusion Protection Systems) also protect our network, helping to prevent common application attacks such as SQL injection and XSS. These are updated every few hours with the latest attack data to help keep one step ahead.
Every element of our network is monitored, supported (by the likes of Cisco, Juniper and Fortinet) and logged 24x7. Should an event occur which requires further investigation, an on-call engineer is paged and working on the issue within minutes, before a small problem impacts your business.