Stop worrying about downtime. We equip clients with private cages and suites, usage-based power billing, and room to grow.
Our passion is helping companies optimize their IT strategies and decisions. We work with companies to help them determine the best solutions for their production data centers and disaster recovery centers. Using external data center (colocation) facilities is one of the easiest ways to manage IT costs while improving service reliability and uptime. We’ll show you how! Find us on Twitter: @lifelinedatactr
The Sarbanes-Oxley Act, or SOX as it is commonly known, was passed by the US Congress in 2002. The act was passed so that investors and other financial parties could be protected from the problems that could arise from fraudulent accounting practices of corporations. The act has received a lot of press as its various legal reforms forced corporations, data centers included, to take note of their financial records and the way they are maintained. The Sarbanes-Oxley Act affects corporations as well as the companies and institutions that offer Information Technology support to them.
Since data centers handle sensitive financial data related to corporations, they too are governed by the legal bindings of the Sarbanes-Oxley Act. Data center policies have to conform to the reforms laid down by the Act. Procedures pertaining to financial aspects are required to be in place in order to achieve compliance, and, of course, to avoid the long list of serious implications that non-compliance could lead to.
As per Sec. 802 (a) (1), “alteration, destruction, mutilation, concealment, covering up, falsification, making of false entries in any record, document or tangible object” is strictly prohibited and could warrant strict action against the guilty corporations in the form of:
- Liability to face criminal or civil prosecution
- Possibility of investigations by the U.S. Securities and Exchange Commission
- Forfeit of profits gained through such means or reimbursement of losses avoided
- Liability to pay a penalty amount of up to a million dollars, or three times the misrepresented amount, whichever is greater
- Imprisonment of guilty personnel for a term of up to 10 years
Detecting and monitoring possible flaws, taking validated steps to set them right, completing third-party audits on a regular basis, and a rigid internal financial and data-protection policy are some of the steps a data center can follow in order to realize an infallible compliance program.
If you’re looking for an outsourced solution that will handle all of these compliance issues for you, contact us at Lifeline Data Centers today.
Earlier in 2013, the Department of Health and Human Services modified the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that protects sensitive health data. This act mandates any entity dealing with protected health information to have specified physical, network, and process security measures in place to regulate saving, accessing and sharing of health records.
The new regulations, known as “HIPAA/HITECH Omnibus Final Rule,” establish new standards to determine whether a security breach has occurred. The stakes are now high for those involved, for a “low probability of compromise risk assessment” is assumed by default unless proved otherwise. There are also increased penalties for entities that do not comply with the new breach notification regulations.
Employers and business associates have to update their HIPAA policies and procedures to address such regulatory changes, and conduct risk assessment audits to ensure that the adopted policies and procedures fully address the operational risks.
The revised regulations now make it virtually binding on business associates, or vendors that provide services to HIPAA-covered plans, to comply with the HIPAA Security Rule and many provisions of the HIPAA Privacy Rule. Business associates now need to enter into agreements with their subcontractors. The terms of the agreement may include reimbursement of costs incurred in responding to a security breach caused by a business associate and indemnification for third-party claims.
The onus is on not just employers, but all stakeholders, especially data centers that handle HIPAA data, to make the necessary workflow changes, update IT policies and procedures, and train their staff on the changes.
Data Centers and the HIPAA Final Omnibus Rule of 2013
In January 2013, the United States Department of Health and Human Services (HHS) made a series of relevant changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA is primarily in force to enhance the integrity and confidentiality of Protected Health Information in the wake of serious breaches. Today, even one breach could attract severe penalties to the tune of millions of dollars.
Data centers are among those bodies that deal with electronic data related to health and other personal as well as financial information of the nation’s Health and Human Services system.
The Act has been alive and well for more than fifteen years and has witnessed regular updates in provisions that have strengthened the Act itself or have offered increased enforcement and punishing rights to related agencies.
Key factors of the rule
A few key factors of the final omnibus rule in relation to data centers are listed below.
- Increased protection and control of ePHI
- Focus on health care providers and health data handlers
- Expansion of individual rights
- Use of related information for research and other purposes requires an individual’s sanction
- Influenced by the HITECH Act and GINA
- Prohibition of the sale of health info without permission
- Maximum penalty for every violation stands at $1.5 million
A HIPAA-compliant data center follows the guidelines and procedures put forth by the final omnibus rule and ensures that they are adhered to.
The final omnibus rule and Data Centers
The final omnibus rule of HIPAA came into effect in January 2013. Health information and data are set to be protected even more ardently in an age where security breaches and leaks of data are a serious threat.
Patient privacy and protection of health information disclosed by the patients, doctors or other relevant parties remains the onus of all parties involved, external agencies and business associates included. Therefore, as business associates handling sensitive health data, data centers need to ensure that their set procedures comply with the final omnibus rule, too.
Regulatory compliance has a big say in how businesses design and develop their systems. A major compliance requirement for many businesses is the Sarbanes-Oxley Act of 2002 (SOX).
On the face of it, the focus of SOX is to prevent financial fraud, and, for this purpose, it mandates that companies maintain tight controls over their financial disclosures. These controls take the form of regulating and tracking the flow of financial data, along with regular audits aimed at identifying and remediating potential risks.
However, the implications of SOX for data centers go much beyond that. SOX mandates strict data storage requirements and equally stringent retention policies and procedures. Although SOX does not give any specific size or methodology for data storage or policies, there are many guidelines data centers need to follow:
- The Public Company Accounting Oversight Board (PCAOB) oversees and guides SOX auditors and sets standards that specify the elements required for successful compliance.
- The Committee of Sponsoring Organizations (COSO) has developed a control framework that offers a comprehensive set of guidelines to create and implement internal controls. Though not mandatory, this offers the optimal benchmark.
- The Control Objectives for Information and Related Technology (COBIT) framework, the handiwork of Information Systems Audit and Control Association (ISACA), offers specific guidance for IT controls. COBIT addresses 34 IT processes, grouped in four domains of Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring.
SOX also binds publicly traded companies and accounting or audit firms to retain audit documents for a minimum of seven years after the completion of an audit, and to have provisions in place for retrieving that data quickly. Here again, the methodology of how to do so is left to the companies. Data centers need to adopt solutions such as a write-once, read-many (WORM) approach to data, which allows easy retrieval at any time but no modifications, to facilitate their clients’ compliance with the provisions of SOX.
Apart from this, SOX compliant data centers also need to have strong security measures in place, including access and authentication systems, user account management, encryption, and other network security deployments, besides constant monitoring and audits.
SOX violations can be costly. The act imposes a fine of up to $10 million and 20 years in prison for violators. In addition, there is a promise of “stiff penalties” for companies that knowingly destroy, or even alter, records to cover their tracks or thwart investigations.
Lifeline Data Centers offers fully compliant SOX solutions, complete with flexibility and guaranteed uptime. Visit our website to know more about how we cater to all your compliance needs.
HIPAA: Responsibilities of a Data Center
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, directs federal protection of data related to the health sector. Assurance of data center compliance is of utmost importance as the business associates working in tandem with these centers could be held responsible for shortcomings.
The Department of Health and Human Services, as well as the Office of Civil Rights for PHI (protected health information), act as effective collaborators in enforcing HIPAA and imposition of fines and penalties on parties found falling short in following the procedures laid down.
An overview of HIPAA
The HIPAA Security Rule protects electronic information relayed in the health sector, ensuring the protection of confidentiality, integrity and availability to relevant units. The key responsibilities of business associates are obscure in certain areas though their primary role as covered entities holds considerable relevance.
Data centers and HIPAA
Safeguard of electronic data associated with health information received, transmitted, created or maintained by or on behalf of covered entities is the primary concern of HIPAA. Thus, data centers are required to have arrangements in place, administrative, technical and otherwise, to ensure compliance with the Act. Data center documentation, procedures, policies, audits etc. all need to follow norms laid down as per HIPAA.
Key responsibilities of data centers
Data centers are facilities that assist in the processing of information. Data content or electronic data related to the health industry is governed by HIPAA among other data compliance rules and acts. Implementation of the laid-down regulations and compliance with data security measures is therefore part of a data center’s core responsibilities, which include:
- Adhering to administrative safeguards
- Setting up of physical safeguards
- Ensuring technical safeguards
- Fulfillment of organizational requirements
- A strong Business Associate Agreement
- Architecture that complies with HIPAA
These key responsibilities outline a data center’s role with regard to HIPAA. Protection and security of health related information and adherence to privacy rules put forth by the Act helps data centers as well as related business associates fulfill control standards, thus avoiding penalties and fines.
Every state offers various tax incentives for data centers. At the national level, there are policies and programs that are designed specifically to support the growth and wide-spread adoption of data centers. Thanks to these incentives, some states naturally turn out to be more conducive to building or leasing out a data center as compared to others.
As of today, there are close to 17 states that offer tax benefits for the data center industry.
For data centers, the two most important taxes that are applicable are the sales tax and the property tax. Did you know that there are 5 states that do not charge any sales tax at all? These states are Montana, Delaware, New Hampshire, Oregon and Alaska. Sales tax will typically be applicable on the building materials and the equipment. For example, if you choose to buy data center equipment of approximately 10 million dollars in the state of Ohio, you would be paying around $700,000 in sales tax.
Real estate tax would also apply annually depending on the local tax rate and the data center property value. Personal property tax is also payable yearly for all equipment, furniture, and other items that are not tightly bound to the real estate. There are 11 states that exempt their customers from paying this tax.
The key here is the exemption that most states have started offering in order to boost the data center industry growth. Some of the states that have introduced new tax breaks in the year 2012-2013 are Virginia, Georgia, Arizona, South Carolina, Indiana, Alabama, Texas, Ohio and Nebraska. The state of Indiana delighted businesses by offering a new data center tax incentive in the year 2012. According to this new incentive, sales tax on IT equipment such as computers, electrical and mechanical equipment and power infrastructure is 100% exempt.
A tax incentive is typically for a longer term, and, therefore, many corporate organizations consider this factor when selecting a long-term data center facility. For the best rates in colocation data centers, visit www.lifelinedatacenters.com today.
The National Fire Protection Association (NFPA) publishes standards related to fire safety. Data centers, which are always at risk from fire and related hazards, should pay attention to these standards laid down by the NFPA in order to remain compliant and safe.
The NFPA standard titled “Standard for the Protection of Information Technology Equipment” offers a detailed checklist of precautions to avert fire and of what to do in case of a fire. However, several other NFPA standards are also applicable to data centers. Among them, NFPA 70 covers the “National Electric Code” and NFPA 70E covers electrical safety requirements for employees.
An important consideration with regard to NFPA standards is that they are not static. Data centers not only have to ensure that they comply with the provisions of the code, they also have to review the standards on a regular basis and make the necessary changes.
A case in point is the recent upgrade of NFPA 70E standards.
Data centers now have to create new arc flash hazard labels indicating: the nominal system voltage, the arc flash boundary, and any one of the incident energy with its corresponding working distance, the minimum arc rating of clothing, the required level of PPE, or the highest hazard/risk category (HRC) for the equipment.
The upgraded standards mandate labeling of DC equipment for arc flash hazard. Before, it was possible to mark the labels with the default value for the arc flash boundary provided in the NFPA 70E tables. The revised 70E standards, however, require that data centers calculate the arc flash boundary for all locations where the voltage is greater than 50 volts and provide the calculated values in the label information.
The revised NFPA 70E also requires that only personnel with knowledge of the installation and its hazards, and who are sufficiently trained, work within the limited approach boundary of the arc. This comes with greater emphasis on documentation and training. The meeting between employers and contractors to communicate the known hazards now has to be documented. Employees have to be retrained on the hazards every three years, and the training program itself is audited as well.
Electric arcs are hazards that can occur commonly in data centers. Personnel working on electrical equipment and not wearing Personal Protective Equipment (PPE) run the risk of serious injury or death when an electrical arc occurs. The revised 70E pertaining to arc flash labeling and better training helps to increase awareness and therefore mitigate this risk.
Lifeline Data Centers is fully compliant and has trained staff that is up to date on fire safety data center standards. Get in touch with us today.
When it comes to disaster planning for data centers, one of the major aspects is automated disaster recovery. Automated DR promises that there is no room for failure and everything can be recovered. However, many IT and data center managers think that there could be some hidden caveats that would need consideration before a disaster occurs. Here are some of the features of automated DR that can benefit a data sensitive organization tremendously.
- Heterogeneous environments: This is a cause of concern in many organizations today. However, there are automated DR solutions that can handle this type of landscape and that provide recovery and replication among dissimilar hardware.
- Full end-to-end testing: Many IT managers fear that an automated DR solution cannot be tested end-to-end without shutting down shop, leading to a degradation in up-time performance. However, modern automated DR solutions have managed to optimize their testing suites and a full end-to-end testing is very much possible without much downtime.
- Full recovery: Some solutions do not promise recovery from the point of failure. However, automated DR uses snapshot technology and an integrated continuous disk-based backup mechanism so that recovery from the absolute point of failure can be guaranteed.
- Multiple systems: Advanced automated DR solutions can handle up to 5 systems at a time and can bring them back up in a few minutes.
Even though they save you in critical situations, automated disaster recovery solutions – both hardware- and software-based – are often extremely complex systems. One of the major solutions available today is VMware’s Site Recovery Manager (SRM), which still needs an administrator’s click to initiate failover. The other alternative is to use an application-based approach, such as Microsoft’s Failover Cluster. There is also the hosting-based heartbeat approach, where the replication server and primary server are synchronized by a heartbeat signal; if the heartbeat stops, the failover process is automatically triggered. The options in this category are XOsoft from CA and Marathon.
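To make the heartbeat approach concrete, here is an added simulation (not code from any of the products named above) of a replica-side watchdog that declares the primary dead after a configurable number of consecutive missed heartbeat intervals. The timeline, interval and threshold values are constructed for illustration; the point it shows is the caveat the paragraph hints at: a threshold set too low turns a transient network blip into an unnecessary failover.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class HeartbeatMonitor:
    """Replica-side watchdog (assumed design): the primary is declared dead once
    `missed_threshold` heartbeat intervals pass without a heartbeat arriving."""
    interval_s: float = 1.0
    missed_threshold: int = 3
    last_seen: Optional[float] = None
    failed_over_at: Optional[float] = None

    def heartbeat(self, now: float) -> None:
        # A heartbeat arrived from the primary; reset the watchdog clock.
        self.last_seen = now

    def check(self, now: float) -> bool:
        # Periodic watchdog check; returns True once failover has been triggered.
        if self.failed_over_at is not None:
            return True
        if self.last_seen is None:
            return False  # nothing known yet; do not fail over on startup
        missed = int((now - self.last_seen) // self.interval_s)
        if missed >= self.missed_threshold:
            self.failed_over_at = now
            return True
        return False


def simulate(heartbeats: List[float], checks: List[float],
             missed_threshold: int, interval_s: float = 1.0) -> Optional[float]:
    """Replay heartbeat arrivals and watchdog checks in time order and return the
    time at which failover was triggered, or None if the primary was never declared dead."""
    mon = HeartbeatMonitor(interval_s=interval_s, missed_threshold=missed_threshold)
    # Kind 0 = heartbeat, kind 1 = check, so a heartbeat at time t is applied before a check at t.
    events: List[Tuple[float, int]] = [(t, 0) for t in heartbeats] + [(t, 1) for t in checks]
    for t, kind in sorted(events):
        if kind == 0:
            mon.heartbeat(t)
        else:
            mon.check(t)
    return mon.failed_over_at


# Constructed timeline: the primary beats once per second, loses two beats to a
# transient blip (t=4 and t=5), resumes, then stops for good after t=10.
HEARTBEATS = [0.0, 1.0, 2.0, 3.0, 6.0, 7.0, 8.0, 9.0, 10.0]
CHECKS = [float(t) for t in range(0, 21)]

if __name__ == "__main__":
    print("threshold 3 ->", simulate(HEARTBEATS, CHECKS, 3))  # 13.0: only the real outage triggers
    print("threshold 2 ->", simulate(HEARTBEATS, CHECKS, 2))  # 5.0: the blip causes a false failover
```

With a threshold of three missed intervals the blip is tolerated and failover fires at t=13, three seconds into the real outage; with a threshold of two the replica takes over at t=5 while the primary is still alive, which is the split-brain scenario a DR design has to rule out.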
Obviously, disaster recovery is not to be taken lightly and needs proven expertise to be successful. To get the best solution for your business needs, do get in touch with us, the data center experts, at www.lifelinedatacenters.com.
In recent years, data centers have undergone several major changes. Data center transformation and modernizing data centers lead to better savings and improved performance. Modern organizational IT infrastructures experience speedy growth, and therefore, it is important to upgrade the data centers.
Modernizing your data center has many benefits:
- Network benefits
- Security benefits
- Cost Savings benefits.
Let’s take a closer look at how the new trends in data centers will help reduce costs.
The cost of maintaining a data center includes staff, redundant data, hardware, software licenses, and more. In spite of these costs, companies build multiple data centers when they need only a few.
Therefore, virtualization is the natural answer for reducing operational costs.
Depending on how much space the current implementation takes up, how much power it wastes, and its average utilization, the savings from virtualization can be enormous. As an example, compare the estimated savings made by Tribune while working with Cisco:
- $2M cost savings due to less power and space consumption.
- $10M per year by utilizing idle processing and data stores.
- Computing hardware systems halved leading to lower staff usage.
- Data center floor space reduced by a whopping 96%.
Therefore, companies should rationalize the number of data centers according to needs.
Data center virtualization primarily focuses on server virtualization. Organizations have started adopting virtualization because of its benefits.
- Using fewer servers reduces the hardware cost, which is considered the highest of all operational costs.
- Reduces power consumption, which in turn reduces cooling expenditure.
- Provides easier maintenance.
- Provides backup servers, making business continuity planning (BCP) easier.
- Reduces operational cost by reducing complexity.
- Maximizes utilization of resources.
- Increases the availability of applications.
- Meets application demands with increased performance.
- Provides better security.
To know more on how virtualization can help rationalize your data center both in terms of space and costs, please visit http://www.lifelinedatacenters.com/ today.
The Sarbanes-Oxley Act of 2002 (SOX) was enacted for public firms to help safeguard investor interest by increasing the reliability and accuracy of all disclosures, especially financial ones. It is important to strictly adhere to the act, as failure to do so can not only destroy the credibility of the firm but also expose top management to legal risks.
- Morgan Stanley was fined $15 million for not providing email records in 2004.
- Microsoft will be fined $1.45 million next year for the same reason as Morgan Stanley.
- Merrill Lynch followed with another $2.5 million fine.
In the context of data centers, the main points relate to financial data but are not limited to it:
- Identify the data that comes under the purview of the act.
- Section 103: Create processes for retention of data from the last 7 years.
- Section 104 & 802: Get the data audited by third-party audit firms, and retain audit data from the last 5 years. In case of non-maintenance, a fine and/or penalty could be imposed.
- Section 105(B): Ensure easy and quick accessibility of stored data when needed. In case a court asks for any past data records, they must be readily available.
- Section 404: Build up internal controls for the protection of data.
- Monitor for possible insider information leaks as well as tampering/destruction attempts.
Implementing the requirements of this act should not be an overhead task. To find out about everything that needs to be done and to ensure that your data center adheres to the SOX Act, please visit http://www.lifelinedatacenters.com.
Since 2001, Lifeline Data Centers has helped companies improve uptime and control data center facilities operating expense. Lifeline is an innovator in wholesale colocation, continually finding ways to reduce downtime risks while driving down costs. Our approach is simple: delight customers with flexible, cost-effective data center floor space, office space, and services.
Lifeline Data Centers is a wholesale colocation facility; a high-tech landlord. We provide data center and office real estate to companies who require uptime, connectivity, and room for growth. Lifeline provides secure hardened data center buildings, highly reliable power and cooling, and access to many telecommunications providers. Some clients choose to use Lifeline purely as a landlord, fully managing their own information technology infrastructure. Other clients use Lifeline’s colocation facilities and office space along with Lifeline’s managed services to augment their IT staff.
Lifeline Data Centers serves hundreds of companies in health care, software, utilities, pharma, cloud computing, and government. If you value uptime, consider Lifeline Data Centers' flexible wholesale colocation and office space solutions.