Data Center Policy

2025.1

Reviewed: 9/23/2024
Updated: 9/23/2024

Purpose and Scope:

1. The purpose of this policy is to define security standards assessed when evaluating data centers.
2. This policy covers any cloud hosted providers and facilities that are labeled as or function as data center

Controls and Procedures

Data Center Policy

1. When evaluating a data center, the following security measures must be addressed:
   a. Redundancy
   b. Availability
   c. Employee and third-party data center access
   d. Access monitoring
   e. Intrusion detection
   f. Media destruction
   g. Operational support systems (power, climate, fire, etc.) h. Equipment maintenance and management
   i. Third party security attestation (SOC compliance, ISO 9001 & 27001 compliance, etc.)
2. Data centers sufficiently offering coverage for the above will be considered as potential host locations.
3. The following locations are classified by the organization as secure areas and are governed by this policy:
   a. Amazon Web Services