Our clients’ data should be protected as securely as if it were within the walls of their own corporations, which is why eTERA Consulting has strict standards and certifications.
Annual corporate audits
The corporate security audits cover an extensive range of topics including, but not limited to:
- Confirmation of a federally accepted security and risk policy
- Employee compliance with the aforementioned security and risk policy
- Performance of an annual independent SSAE 16 audit, vulnerability and penetration test, and employee security testing
- Management of third-party vendor security
- Adherence to full background checks of all employees
- Visitor security compliance
- Physical security of data centers and all eTERA office locations
- Presence of environmental controls for fire, power outages, etc.
- Encryption in-transit and in-place policies and procedures
- Presence of user and access controls
Annual independent SSAE 16 audit
In addition to the corporate security audits, eTERA performs an annual SSAE 16 audit to ensure that our operational controls are met. The SSAE 16 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. An SSAE 16 examination signifies that an independent accounting and auditing firm has examined a service organization’s control objectives and activities.
An assortment of government-compliance regulations have been created over the past several years, including the standards imposed by the Sarbanes-Oxley Act (SOX) of 2002. Under Section 404 of SOX, most companies require an SSAE 16 audited report from their service providers to evaluate controls, data centers, security, backup and system availability.
The SSAE 16 audit report is the de facto method for a service provider to disclose control activities and processes to their customers in a consistent and reliable form. The report includes the independent auditor’s provisions for the organization to consistently and accurately execute the company’s documented control environment and the effectiveness of such controls at protecting information assets from security and availability threats.
The United States and European countries recognize an exemption-free SSAE 16 Certification report. These countries use the report as a reliable indicator that a service organization has implemented an effective control environment and is SOX compliant.
A copy of the auditor’s report on eTERA’s SSAE 16 compliance is available upon request.
Vulnerability and penetration testing
eTERA regularly performs independent vulnerability and penetration tests to ensure superior security. These tests are performed to mitigate risks associated with unplanned incidents and threats. eTERA regularly passes the vulnerability and penetration testing, using the results to continually enhance its security.
Data center management and security
eTERA uses Equinix data centers and services for their high reputation as best-in-class as well as their levels of availability, security and application performance. Equinix operates 90 data centers in 35 markets around the world, servicing over 4,100 customers. Some of their services include:
Equinix IBX centers are designed to provide a robust power infrastructure with the highest level of reliability. These centers provide a minimum N+1 redundancy for every IBX power system, delivering the highest level of uptime availability. Their Uninterruptible Power Supply (UPS) systems prevent power spikes, surges, and brownouts, while redundant backup diesel generators keep the data center powered in the event that the public utility fails. The entire electrical system has built-in redundancy to ensure continuous operation.
Equinix’s state-of-the-art Heating / Ventilation / Air Conditioning (HVAC) system is a key feature of the premium infrastructure at its IBX centers. Each IBX center is designed with a robust HVAC system to provide stable air flow, temperature and humidity for equipment operation. To minimize downtime due to equipment failure, all major equipment in the HVAC system is designed with a minimum of N+1 redundancy and back-up generators to provide additional protection for customer operations.
Fire detection and suppression
Equinix IBX centers are constructed with cutting-edge fire detection and suppression systems that limit the potential for damage in the event of a fire.
Where seismic risk exists, structural systems at Equinix IBX centers meet or exceed local building design requirements and codes for lateral seismic forces. Equipment and nonstructural components, including cabinets, are anchored and braced.
The internal controls used at Equinix IBX centers are SSAE 16 compliant. Additional information describing this type of compliance is available at the AICPA website.
Each Equinix IBX center utilizes an array of security equipment, techniques, and procedures to control, monitor, and record access to the facility, including customer cage areas.
All areas of the center are monitored and recorded using CCTV, and all access points are controlled. Every IBX center is staffed with 24-hour security officers to augment physical security features, providing financial-grade protection.
Visitors are screened upon entry to verify identity, and in shared situations, escorted to appropriate locations. Access history is recorded for audit by customers.