SAS70 Type II compliant colo providers - Chicago, IL
Hi, I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL. The requirement is fairly small (1/2 - 1 rack). Mail me off list please. Thanks. Regards, Andy.
On Sep 22, 2009, at 11:54 AM, Andy Ashley wrote:
Hi,
I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL
Andy -
As an FYI, SAS 70 Type II compliance means whatever that provider's "SAS 70 Type II" audit document states for controls, i.e. there are no specific requirements associated with SAS 70 Type II, only that you publish a documented set of management and security controls and then are audited for compliance against that list. That may not be realized by the folks who've sent you to go get SAS 70 Type II compliant hosting, but is something that you probably want to keep in mind since little items like generators and door locks aren't necessarily included.
/John
People buy SAS 70 compliant anything just because it's the latest buzzword, kind of like PCI compliance.
Jeff
On Tue, Sep 22, 2009 at 7:52 PM, John Curran <jcurran@istaff.org> wrote:
Andy -
As an FYI, SAS 70 Type II compliance means whatever that provider's "SAS 70 Type II" audit document states for controls, i.e. there are no specific requirements associated with SAS 70 Type II, only that you publish a documented set of management and security controls and then are audited for compliance against that list. That may not be realized by the folks who've sent you to go get SAS 70 Type II compliant hosting, but is something that you probably want to keep in mind since little items like generators and door locks aren't necessarily included.
/John
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
Yes, but with PCI compliance the powers that be (credit card companies) can actually fine you big bucks for being non-compliant.
http://www.google.com/search?hl=en&source=hp&q=pci+compliance+fines&aq=f&oq=&aqi=g1g-m1
http://www.pcicomplianceguide.org/pcifaqs.php#11
Cheers, Jayfar
On Tue, Sep 22, 2009 at 8:17 PM, Jeffrey Lyon <jeffrey.lyon@blacklotus.net> wrote:
People buy SAS 70 compliant anything just because it's the latest buzzword, kind of like PCI compliance.
Jeff
Most of our customers just make up their own definition of PCI and then demand that we help them adhere to it.
Jeff
On Tue, Sep 22, 2009 at 8:50 PM, Jay Farrell <jayfar@jayfar.com> wrote:
Yes, but with PCI compliance the powers that be (credit card companies) can actually fine you big bucks for being non-compliant.
http://www.google.com/search?hl=en&source=hp&q=pci+compliance+fines&aq=f&oq=&aqi=g1g-m1
http://www.pcicomplianceguide.org/pcifaqs.php#11
Cheers, Jayfar
Hmm...the ones I've been involved with have to go through an independent third party audit to ensure that they are compliant. The independent auditor has to agree that their practices are secure and satisfy the credit card company's security objectives. If it were that loose you'd see a lot more security breaches on the magnitude of the TJX breach.
Chuck
On Tue, Sep 22, 2009 at 8:53 PM, Jeffrey Lyon <jeffrey.lyon@blacklotus.net> wrote:
Most of our customers just make up their own definition of PCI and then demand that we help them adhere to it.
Jeff
On Tue, Sep 22, 2009 at 11:26 PM, Charles Mills <w3yni1@gmail.com> wrote:
Hmm...the ones I've been involved with have to go through an independent third party audit to ensure that they are compliant. The independent auditor has to agree that their practices are secure and satisfy the credit card company's security objectives. If it were that loose you'd see a lot more security breaches on the magnitude of the TJX breach.
Chuck
the pci-is-good/sux (and sas-70 is-good/sux) discussion seems out of nanog scope, to me... but really PCI compliance isn't the panacea, heck I bet TJX was PCI compliant for some portions of the things owned six ways to sunday in their breach. The same goes for the last 12 'major' breaches and information leaks. No compliance doc/cert is going to save the day, only good ongoing practices and vigilant administration is going to make it better.
That said did anyone actually suggest a sas-70 colo in ORD?? VZB's CHI10 facility used to be in this set, the OP might consider checking with them... (though I recall CHI10 being 'full' or 'out of power', but I'm sure that's changed/improved)
-Chris
(there was some effort a while back to sas-70 certify most of the ex-UU datacenters)
Andy Ashley wrote:
Hi,
I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL
The requirement is fairly small (1/2 - 1 rack). Mail me off list please.
Thanks.
Thanks to everyone who replied with advice and recommendations/referrals, there were too many to respond to individually. I have made a couple of choices and will make further enquiries with those companies.
Regards, Andy.
participants (6)
- Andy Ashley
- Charles Mills
- Christopher Morrow
- Jay Farrell
- Jeffrey Lyon
- John Curran