Physical Security includes locking down and logging all physical access to our data centre.
- Data centre access is limited to only authorised personnel
- Badges and biometric scanning for controlled data centre access
- Security camera monitoring at all data centre locations
- Access and video surveillance log retention
- 24x7 onsite staff provides additional protection against unauthorised entry
- Unmarked facilities to help maintain low profile
- Physical security audited by independent firms annually
Operational Security involves creating business processes and policies that follow security best practices to limit access to confidential information and maintain tight security over time.
- ISO 27001/2-based policies, reviewed at least annually (Rackspace is currently working towards this certification for our Australian facility)
- Documented infrastructure change management procedures
- Secure document and media destruction
- Incident management function
- Business continuity plan focused on availability of infrastructure
- Independent reviews performed by third parties
- Continuous monitoring and improvement of security program
Network Infrastructure provides the availability guarantees backed by aggressive SLAs.
- High-performance bandwidth provided by multiple network providers
- Elimination of single points of failure throughout shared network infrastructure
- Cables properly trunked and secured
- Proactive network management methodology monitors network route efficiency
- Real-time topology and configuration improvements to adjust for anomalies
- Network uptime backed by Service Level Agreements
- Network management performed only by authorised personnel
Environmental Controls are implemented to help mitigate the risk of service interruption caused by fires, floods and other forms of natural disaster.
- Dual power paths into facilities
- Uninterruptible power supplies (minimum N+1)
- Diesel generators (minimum N+1)
- Service agreements with fuel suppliers in place
- HVAC (minimum N+1)
- Smoke detectors
- Flood detection
- Continuous facility monitoring
Human Resources provides Rackspace employees with an education curriculum to help ensure that they understand their roles and responsibilities related to information security.
- Reference checks taken for employees with access to customer accounts
- Employees are required to sign non-disclosure and confidentiality agreements
- Employees undergo mandatory security awareness training upon employment and annually thereafter
Security Organisation includes establishing a global security services team tasked with managing operational risk by executing an information management framework based on the ISO 27001 standard.
- Security management responsibilities assigned to Global Security Services
- Chief Security Officer oversight of Security Operations and Governance, Risk, and Compliance activities
- Direct involvement with Incident Management, Change Management, and Business Continuity