Hi,
I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL
The requirement is fairly small (1/2 - 1 rack). Mail me off list please.
Thanks.
Regards,
Andy.
Andy -
As an FYI, SAS 70 Type II compliance means whatever that provider's "SAS 70 Type II" audit document states for controls, i.e. there is no specific requirements associated with SAS 70 Type II, only that you publish a documented set of management and security controls and then are audited for compliance against that list. That may not be realized by the folks who've sent you to go get SAS 70 Type II compliant hosting, but is something that you probably want to keep in mind since little items like generators and door locks aren't necessarily included.
/John
People buy SAS 70 compliant anything just because it's the latest
buzzword, kind of like PCI compliance.
Jeff
Yes, but with PCI compliance the powers that be (credit card
companies) can actually fine you big bucks for being non-compliant.
http://www.google.com/search?hl=en&source=hp&q=pci+compliance+fines&aq=f&oq=&aqi=g1g-m1
http://www.pcicomplianceguide.org/pcifaqs.php#11
Cheers,
Jayfar
Most of our customers just make up their own definition of PCI and
then demand that we help them adhere to it.
Jeff
Hmm...the ones I've been involved with have to go through an
independent third party audit to ensure that they are compliant. The
independent auditor has to agree that they're practices are secure and
satisfies the credit card company's security objectives.
If it were that loose you'd see a lot more security breaches on the
magnitude of the TJX breach.
Chuck
Hmm...the ones I've been involved with have to go through an
independent third party audit to ensure that they are compliant. The
the pci-is-good/sux (and sas-70 is-good/sux) discussion seems out of
nanog scope, to me... but really PCI compliance isn't the panacea,
heck I bet TJX was PCI compliant for some portions of the things owned
six ways to sunday in their breach. The same goes for the last 12
'major' breaches and information leaks.
No compliance doc/cert is going to save the day, only good ongoing
practices and vigilant administration is going to make it better.
That said did anyone actualy suggest a sas-70 colo in ORD?? VZB's
CHI10 facility used to be in this set, the OP might consider checking
with them... (though I recall CHI10 being 'full' or 'out of power',
but I'm sure that's changed/improved)
-Chris
(there was some effort a while back to sas-70 ceritfy most of the
ex-UU datacenters)
Andy Ashley wrote:
Hi,
I would really appreciate any recommendations for SAS70 Type II compliant colocation providers in Chicago, IL
The requirement is fairly small (1/2 - 1 rack). Mail me off list please.
Thanks.
Thanks to everyone who replied with advice and recommendations/referrals, there were too many to respond to individually.
I have made a couple of choices and will make further enquiries with those companies.
Regards,
Andy.