
What are the Data Center Standard Audits and Reports?


Data Center Standards Cheat Sheet - From HIPAA to SOC 2

With the confusion regarding which audits and auditor reports apply to which aspects of data center standards, I felt the need to create a basic data center/hosting solution audit cheat sheet to simplify matters. Here is your comprehensive guide to data center audits and reports.
Safe Harbor
What is the U.S.-EU Safe Harbor Law? The U.S.-European Union Safe Harbor Program is a streamlined process for US companies to comply with the EU Data Protection Directive of 1998 on maintaining the privacy and integrity of personal data. Different from HIPAA, PCI and SOX compliance requirements, the Safe Harbor program framework was developed by the U.S. Department of Commerce in 2000 in consultation with the European Commission on Data Protection.
SAS 70
The Statement on Auditing Standards No. 70 was the original audit to measure a data center’s financial reporting and recordkeeping controls. Developed by the AICPA (American Institute of CPAs), it has two types:
  • Type 1 – Reports on a company's description of their operational controls
  • Type 2 – Reports on an auditor's opinion on how effective these controls are over a specified period of time (six months)
SSAE 16
The Statement on Standards for Attestation Engagements No. 16 replaced SAS 70 in June 2011. An SSAE 16 audit measures the controls relevant to financial reporting.
  • Type 1 – A data center’s description and assertion of controls, as reported by the company.
  • Type 2 – Auditors test the accuracy of the controls and the implementation and effectiveness of controls over a specified period of time.
SOC 1
The first of three new Service Organization Controls reports developed by the AICPA, this report measures the controls of a data center as relevant to financial reporting. It is essentially the same as an SSAE 16 audit.
SOC 2
This report and audit are completely different from the previous ones. SOC 2 measures controls specifically related to IT and data center service providers. The five controls are security, availability, processing integrity (ensuring system accuracy, completeness and authorization), confidentiality and privacy. There are two types:
  • Type 1 – A data center’s system and suitability of its design of controls, as reported by the company.
  • Type 2 – Includes everything in Type 1, with the addition of verification of an auditor's opinion on the operating effectiveness of the controls.
SOC 3
This report includes the auditor’s opinion on the SOC 2 components, with an additional seal of approval that may be displayed on websites and other documents. The report is less detailed and technical than a SOC 2 report.
HIPAA
Mandated by the U.S. Health and Human Services Dept., the Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information (PHI), or patient health data (medical records). When it comes to data centers, a hosting provider needs to meet HIPAA compliance in order to ensure sensitive patient information is protected. A HIPAA audit conducted by an independent auditor against the OCR HIPAA Audit Protocol can provide a documented report to prove a data center operator has the proper policies and procedures in place to provide HIPAA hosting solutions.
No other audit or report can provide evidence of full HIPAA compliance.
PCI DSS
The Payment Card Industry Data Security Standard was created by the major credit card issuers and applies to companies that accept, store, process and transmit credit cardholder data. Data center operators should prove they have a PCI compliant environment with an independent audit. They should also know which services can help your company fulfill the 12 PCI requirements.
