Certifications, Compliance and Security Assurance

Certifications

Tier III Certification of Constructed Facility

DC BLOX has received Uptime Institute’s Tier III Certification of Constructed Facility (TCCF) for our Birmingham data center. This award positions our company at the highest achievement level of excellence in the industry. Being certified by a third-party organization like Uptime Institute validates that our facilities and operations meet key business objectives, and that we have the level of resilience required to deliver world-class IT solutions to our customers and partners.

According to Uptime Institute, the Tier III Certification of Constructed Facility ensures that the facility has been constructed as designed, capable of meeting the defined availability requirements. The TCCF award confirms that the data center is concurrently maintainable, requiring no shutdowns when equipment needs maintenance or replacements and no impact to IT operations.

Uptime Institute Tier III Design and Facility logos

DEEP Gold Certification

The Data Center Efficiency Evolution Program, or DEEP, is a program created by Informa Tech that assesses and certifies a data center’s sustainability best practices. DC BLOX was awarded a DEEP gold certification for the Birmingham data center in May of 2022.

The DEEP assessment evaluates adherence to industry best practices for each of the following areas:

  • Electrical System – Considers the power generation source(s), backup power systems, power distribution, energy monitoring and management, and maintenance programs
  • Mechanical System – Type, number and size of air-cooling systems, temperature sensors and monitoring, air and water usage economizers, HVAC power usage, and maintenance and optimization programs
  • Airflow Management – Use of hot-aisle/cold-aisle containment, row and device temperature monitoring, potential airflow gaps/inefficiencies, and proper tonnage for cooling load
  • Processes – Recycling program, DCIM / BMS solutions, PUE monitoring, reuse of heat waste, carbon footprint monitoring, environmental training, and a formal ESG program

Refer to DC BLOX Data Center Sustainability Journey – Part I for additional information about DC BLOX’s participation in this program.

Deep Certification Logo Gold

Compliance

SOC 2 Type 2 Compliance

Service and Organization Controls (SOC) 2 is a reporting option specifically designed for entities such as data centers, software as a service (SaaS) vendors, and other technology and cloud-computing based businesses. SOC, or Service Organization Controls, focuses on the internal controls at an organization that are relevant to security, availability, processing integrity, confidentiality and privacy. SOC 2 compliance attests that DC BLOX has put in place the necessary internal controls to prove to its clients that their data is being handled securely and in accordance with industry standards.

DC BLOX meets SOC 2 Type 2 compliance requirements. Type 2 reporting assesses evidence of compliance over time showing that the assessed organization consistently meets its goals.

Our external auditing firm provides us with a non-confidential report on compliance called a SOC 3® report. View the most recent copy of the DC BLOX SOC 3 report.

SOC 2 Type 1 Certification Logo

NIST 800-171 Compliant


NIST SP 800-171
 is a set of standards established by the National Institute of Standards and Technology (NIST) that outlines practices non-federal organizations can use to protect controlled unclassified information (CUI). CUI is sensitive but unregulated information from the U.S. Federal government and applies to non-federal agencies working with agencies such as the United States Department of Defense, the General Services Administration (GSA), National Aeronautics and Space Administration (NASA), federal agency services providers, vendors and suppliers for federal agencies, and higher education institutions that get federal grants.

DC BLOX meets NIST 800-171 compliance requirements as attested by a 3rd party auditor.

HIPAA/HITRUST

The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a federal law that requires covered healthcare entities such as healthcare providers and health insurance providers to develop strict safeguards to secure electronic protected health information.  The Health Information Trust (HITRUST) Alliance is an independent third party testing organization that helps organizations achieve HIPAA compliance.

DC BLOX has put stringent controls in place to meet HIPAA compliance via HITRUST third party attestation.  This provides assurance to healthcare entities that DC BLOX’s data centers conform to a high standard of data security to protect sensitive patient information according to HIPAA standards.

HIPPA Compiant Logo

Security Assurance

DC BLOX was founded on the principle of trust and a commitment to building highly secure data centers for our customers. As we continue to expand into new markets in the Southeastern United States, we remain focused on delivering scalable infrastructure, top-performing connectivity, and proven power service availability in our facilities.

As a service organization, we recognize that entrusting DC BLOX as your data center provider is an important decision. Therefore, we have continued to invest in a layered approach to safeguard each of our facilities from perimeter to process.

To validate the effectiveness of our security program and operations, we engaged an independent auditor to assess our compliance with a framework specifically designed for organizations like DC BLOX. Year after year, we continue to maintain our compliance with the SOC 2 / SSAE 18 standard which outlines our philosophy and approach for physically securing our data centers, environmental protection for equipment, personnel practices, and vendor risk, among other principles.

Key Principles

Information Security Management

DC BLOX maintains a team of individuals led by a Director of Security and Compliance that oversee and govern our security program. These individuals have defined roles to manage all security-related activities and responsibilities, to ensure our service delivery is undertaken in a manner consistent with all applicable standards, regulations, and contracts, as well as DC BLOX security policies.

Physical Security

Exterior perimeters and interior areas of our facilities are monitored 24 hours a day by security guards and experienced DC BLOX personnel to avoid unauthorized access to the grounds. Layered physical access to DC BLOX data centers is controlled through a standard process and access control systems to protect customer assets. Every individual is required to record their full name, employer, and purpose for their visit which then must be approved by a DC BLOX employee who is authorized to sign non-employees into the facility. Building doors throughout the site are locked using a combination of electronic access control cards and biometrics systems to protect secure areas of the facility.

Change Management

DC BLOX is successful at meeting our service level agreements largely in part because we observe a standardized change control procedure. All new equipment installations or modifications to existing equipment are performed carefully, with management approval and during pre-defined maintenance windows. It is our top priority to ensure we protect the reliability and availability of DC BLOX services while avoiding customer disruptions during routine work.

Incident Response

DC BLOX maintains a documented incident response plan to ensure our team is capable of properly escalating issues and responding appropriately. A dedicated Incident Management Group is comprised of a centralized technical support team within the DC BLOX Customer Operations business unit.

Most services DC BLOX provides to customers are mission-critical to their day-to-day operations. Therefore, we have established processes that define, categorize and prioritize security incidents based upon the overall impact to the customer.

To report a concern, failure or incident, including suspected account breach, please contact our Incident Management Group using one of the following methods:

Service Portal: https://www.mywww.dcblox.com/
Phone: 1-877-590-1684 option 2 (24×7)
Email: nocsupport@www.dcblox.com

In case of a security incident resulting in the unauthorized disclosure of personal information that is impacted by a state, federal or other regulation, DC BLOX will promptly notify impacted customers and authorities.

Disaster Recovery

In the event DC BLOX incurs a major disaster, we have implemented contingency plans to minimize the overall impact to our customers. The Director of Data Center Operations along with the support of the Chief Operating Officer, engage a dedicated team in regular discussions regarding disaster preparedness and response procedures. Formal simulated scenarios are tested at least annually to evidence the effectiveness of our plan and ability to communicate with our customers during a widespread event.

Network Monitoring

DC BLOX implements technology and expertise to protect the high-speed optical networks in our data centers and prevent malicious traffic from entering them. Data traversing our internal networks are protected with the latest recommended secure cipher suites to encrypt traffic in transit. On-going monitoring of our networks is intact to ensure our facilities maintain the uptime that our customers rely on.

Recruitment and Selection Practices

DC BLOX recognizes the importance of selecting the right individuals to be a part of our operation and support our customers. We thoroughly screen all candidates under serious consideration and employment offers are contingent upon a clear criminal history. Furthermore, we require that all employees sign non-disclosure agreements to protect the confidentiality of our customer’s information.

Reporting Unethical Behavior

If you believe that one of our personnel has acted unethically or reasonably believe that their actions constitute a violation of the law, please call 1-877-590-1684, select option 3 and ask for the head of human resources to communicate your concerns