Hardware/Data Storage
Compliance and Certification

Our Data Center Partner (DCP) serves as our SADOS storage facility for our customer data, servers, virtual private servers, and employee onboarding/offboarding provisioning of devices preparing for shipment from storage. Our DCPs security operates 24x7x365 with highly trained professionals who monitor the network security, physical security, critical infrastructure, shipping/receiving lanes, and provisioning areas. Our DCPs in-house security team also operates 24x7x365, providing lobby security and access control, facility-wide digital camera monitoring, and intrusion detection monitoring.

Compliance and Certifications

SOC1 and SOC2 Type II

Every year, SADOS works together with our DCP to ensure the SOC1 and SOC 2 Type II audits with a nationally recognized accounting firm with zero exceptions. We don’t just meet SOC1 and SOC 2 standards – in most cases, we exceed them. DCP hardened physical security and audited process controls give our customers assurance that we take their hardware and data security seriously. Provided throughout the facility is a 5-step security apparatus featuring gated entry, TourLock security revolving doors, man traps, retina scan door locks, and pin code keypads to access the cage.

ISO 27001

ISO 27001 (known as ISO/IEC 27001:2013) is an international standard outlining best practices for an information security management system (ISMS), which is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes.

The ISO 27001 designation is considered the global gold standard in information security, and thus further validates DCPs ability to design, build and operate data centers suited for the international information security requirements of hyperscale cloud and large enterprise customers.

DCP completed a thorough audit certified by a third-party agency CPA, a certification body for management systems accredited through the ANSI-ASQ National Accreditation Board (ANAB) and United Kingdom Accreditation Service (UKAS). The auditors examined DCP ISMS, which sits atop their operations and data center controls.

To earn certification for the ISO 27001 standard,DCP was audited across an extensive set of controls, policies, procedures, and guidelines, including the ability to:

• Systematically examine the threats, vulnerabilities, and impacts to their information security
• Implement a comprehensive suite of information security controls based on those risks and threats
• Adopt a process to ensure that information security controls continue to meet the organization’s information security needs on an ongoing basis.
  
  

PCI-DSS

DCP dedication to strict physical access controls and facility security give our customers peace of mind that we proactively safeguard their consumer information. PCI DSS is a vital industry standard for the protection of sensitive cardholder data, and DCP is proud to host compliance tours and interviews with our security staff in support of customer PCI DSS compliance verifications.

DCP PCI DSS 3.0 compliance assessment encompassed its entire portfolio of data center facilities including the Ashburn, VA campus. DCP makes all auditing and compliance documentation and reports available to customers upon request in support of their own compliance programs.

The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc. The PCI DSS compliance assessment centers on IT security policy, cardholder data protection, network access and monitoring, and organization vulnerability management.

DCP PCI DSS compliance assessments are performed by an independent, third-party agency which has been accredited by the PCI Security Standards Council as a Qualified Security Assessor (QSA). This third-party agency provides assurance and compliance services to companies worldwide with a staff comprised of experts in accounting, information technology, and information security. The objective, independent audit performed by these seasoned industry experts against the PCI DSS standard ensures that DCP is providing the physical security required by our customers who process payment card data inside our data center facilities.

NIST-800

DCP is committed to providing the security and compliance required to host both federal government customers, federal systems integrators, and cloud service providers. To this end, DCP has implemented the NIST 800-53 high baseline controls necessary to support our customers’ Federal Information Security Management Act (FISMA) compliance efforts. Additionally, DCP has engaged a third-party agency, a licensed CPA firm and the only Type A accredited FedRAMP 3rd Party Assessment Organization (3PAO), to perform an attestation examination of our controls implementation. 

DCP has seen an increasing trend of government and government contracting firms requesting “FISMA high” data center compliance as a first pass filter in their colocation searches. In order to provide confidence that DCP complies with NIST 800-53 high baseline controls, DCP completed the months-long process for third-party attestation. DCP also completed the company’s System Security Plan, a more than 300-page document detailing the implementation of applicable security practices required at the NIST 800-53 high level.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to set national security standards for the security and privacy of electronic protected health information (ePHI) in the healthcare and health insurance industries. The HIPAA Security Rule of 2003 requires covered entities to implement or address over 50 administrative, physical, and technical safeguards designed to ensure the confidentiality, availability, and integrity of ePHI, including the prevention of unauthorized access to ePHI.

DCP engaged a third-party agency CPA, one of the top auditing firms in the United States, to review DCPs information security program and controls for compliance with the HIPAA Security Rule. Using attestation standards established by the American Institute of Certified Public Accountants (AICPA), this third-party agency found that DCPs program meets or exceeds the standard and applicable implementation specifications for safeguards as defined by the HIPAA Security Rule.

The HIPAA Security Rule has become the de facto security standard for the healthcare industry. The review and attestation by DCPs auditing firm gives healthcare and health insurance industry companies the confidence to run their critical IT systems in DCPs campus. 

Hardware Storage, Provisioning, Shipping/Receiving

SADOS customers enrolled in our Employee Onboarding/Offboarding solutions receive identical storage security to our Co-location customers. All hardware and devices including but not limited to servers, firewalls, switches, access points, modems, routers, laptop computers, desktop computers, and mobile devices are stored securely in our dedicated cage unit located in a secure vault at DCPs Ashburn, VA campus, allowing our provisioning team to take advantage of accessible daily shipping and receiving schedules, secure provisioning areas, SOC1 and SOC2 class security, and convenient proximity to UPS, DHL, and FedEx air delivery operations at Washington Dulles International Airport. 

Hardware Replacement Guarantee

SADOS will repair and/or replace hardware purchased by customers are protected from damages, loss, or theft with our Replacement Guarantee commitment. SADOS will repair and/or replace hardware that were purchased with a valid warranty (excludes refurbished hardware) through our vendor network and must have a paid device management plan to qualify.