Cervalis
maintains SAS70 Type II Certification and TruSecure Certification.
These
certifications demonstrate that our operational processes
and controls meet superior standards of security, reliability
and
availability—an
assurance that our clients can pass on to their own customers.
We are also proud to be a member of the Cisco Powered Network
Program.
 Statement
on Auditing Standards (SAS) 70 Type II
Cervalis has achieved SAS70 Type II certification—one
of the most stringent auditing standards for service companies.
SAS70 Type II certification verifies
that Cervalis delivers fully secure, reliable, effective operating environments
with the proper controls for conducting high availability IT and Internet
operations. Third party auditors conduct annually the SAS70
Type II audit, which requires meticulous reviews and tests
of Cervalis' operational procedures and controls.
The SAS 70 Type II audit included comprehensive reviews and tests of Cervalis'
infrastructure, including power, physical and electronic security measures, backup
and recovery procedures, customer setup, network security, maintenance procedures,
infrastructure change management, environmental safeguards, communications, customer
service, management and user controls and insurance coverage.
SAS70 was developed by the American Institute of Certified Public Accountants
(AICPA) for service providers that wish to demonstrate a high level of control
effectiveness to independent auditors. It has become one of the most widely recognized
auditing standards for service companies.
 TruSecure
For several consecutive years, Cervalis has received the highly demanding TruSecure
Service Provider security assurance certification. TruSecure Corporation is the
leading provider of intelligent risk management products and services, and its
certification is the de facto standard for secure IT and Internet operations.
TruSecure’s Risk Management Program is an industry-recognized risk
reduction methodology that addresses all aspects of information security,
from network and system vulnerability analysis to physical and policy evaluation.
The certification tests are performed regularly, and companies must meet
all of the standards outlined
by TruSecure order to maintain certification.
Under the program, Cervalis works with TruSecure to regularly assess the company’s
overall security strategy with regard to its operations environment. The assessment
covers six categories of risk: privacy, electronic threats and vulnerabilities,
malicious code, physical security, human factors and downtime issues.
The goal of the TruSecure Risk Management Program is to verify and implement
effective security controls at every point within Cervalis’ network infrastructure,
and then check them on an ongoing basis to ensure they are continuously met.
Evaluation procedures under the TruSecure program include:
•
Repeated external and internal network scanning of the critical devices
in Cervalis’ network
• Network configuration reviews
•
Onsite inspections of Cervalis’ physical environment, including susceptibility
to theft, and Cervalis’ perimeter physical defenses, such as gates, locks,
surveillance devices and alarms
• Reviews of information security policies and procedures
 Cisco Powered Network Program
Cervalis’ network is based on Cisco products and services, ensuring our
clients the highest levels of availability and reliability. We are honored to
be a member of the Cisco
Powered Network Program, which recognizes providers that maintain industry leading
levels of network quality. Cisco established the
program in 1997 to help businesses find high-quality, reliable service providers.
|
