Certifications, Compliance & Security Assurance
Tier III Certification of Constructed Facility
DC BLOX has received Uptime Institute’s Tier III Certification of Constructed Facility (TCCF) for our Birmingham data center. This award positions our company at the highest achievement level of excellence in the industry. Being certified by a third-party organization like Uptime Institute validates that our facilities and operations meet key business objectives, and that we have the level of resilience required to deliver world-class IT solutions to our customers and partners.
According to Uptime Institute, the Tier III Certification of Constructed Facility ensures that the facility has been constructed as designed and is capable of meeting the defined availability requirements. The TCCF award confirms that the data center is concurrently maintainable: equipment can be maintained or replaced without shutdowns and without impact to IT operations.
SOC 2 Type 2 Compliance
Service and Organization Controls (SOC) 2 is a reporting option specifically designed for entities such as data centers, software as a service (SaaS) vendors, and other technology and cloud-computing based businesses. SOC, or Service Organization Controls, focuses on the internal controls at an organization that are relevant to security, availability, processing integrity, confidentiality and privacy. SOC 2 compliance attests that DC BLOX has put in place the necessary internal controls to prove to its clients that their data is being handled securely and in accordance with industry standards.
DC BLOX meets SOC 2 Type 2 compliance requirements. Type 2 reporting assesses evidence of compliance over time, showing that the assessed organization consistently meets its goals.
Our external auditing firm provides us with a non-confidential report on compliance called a SOC 3® report. View the most recent copy of the DC BLOX SOC 3 report.
NIST 800-171 Compliant
NIST SP 800-171 is a set of standards established by the National Institute of Standards and Technology (NIST) that outlines practices non-federal organizations can use to protect controlled unclassified information (CUI). CUI is sensitive but unregulated information from the U.S. federal government and applies to non-federal agencies working with agencies such as the United States Department of Defense, the General Services Administration (GSA), National Aeronautics and Space Administration (NASA), federal agency services providers, vendors and suppliers for federal agencies, and higher education institutions that get federal grants.
DC BLOX meets NIST 800-171 compliance requirements as attested by a third-party auditor.
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a federal law that requires covered healthcare entities such as healthcare providers and health insurance providers to develop strict safeguards to secure electronic protected health information. The Health Information Trust (HITRUST) Alliance is an independent third-party testing organization that helps organizations achieve HIPAA compliance.
DC BLOX has put stringent controls in place to meet HIPAA compliance via HITRUST third-party attestation. This provides assurance to healthcare entities that DC BLOX’s data centers conform to a high standard of data security to protect sensitive patient information according to HIPAA standards.
DC BLOX was founded on the principle of trust and a commitment to building highly secure data centers for our customers. As we continue to expand into new markets in the Southeastern United States, we remain focused on delivering scalable infrastructure, top-performing connectivity, and proven power service availability in our facilities.
As a service organization, we recognize that entrusting DC BLOX as your data center provider is an important decision. Therefore, we have continued to invest in a layered approach to safeguard each of our facilities from perimeter to process.
To validate the effectiveness of our security program and operations, we engaged an independent auditor to assess our compliance with a framework specifically designed for organizations like DC BLOX. Year after year, we continue to maintain our compliance with the SOC 2 / SSAE 18 standard, which outlines our philosophy and approach for physically securing our data centers, environmental protection for equipment, personnel practices, and vendor risk, among other principles.
Information Security Management
DC BLOX maintains a team of individuals, led by a Director of Security and Compliance, that oversees and governs our security program. These individuals have defined roles to manage all security-related activities and responsibilities, to ensure our service delivery is undertaken in a manner consistent with all applicable standards, regulations, and contracts, as well as DC BLOX security policies.
Exterior perimeters and interior areas of our facilities are monitored 24 hours a day by security guards and experienced DC BLOX personnel to avoid unauthorized access to the grounds. Layered physical access to DC BLOX data centers is controlled through a standard process and access control systems to protect customer assets. Every individual is required to record their full name, employer, and purpose for their visit, which then must be approved by a DC BLOX employee who is authorized to sign non-employees into the facility. Building doors throughout the site are locked using a combination of electronic access control cards and biometric systems to protect secure areas of the facility.
DC BLOX is successful at meeting our service level agreements in large part because we observe a standardized change control procedure. All new equipment installations or modifications to existing equipment are performed carefully, with management approval and during pre-defined maintenance windows. It is our top priority to ensure we protect the reliability and availability of DC BLOX services while avoiding customer disruptions during routine work.
DC BLOX maintains a documented incident response plan to ensure our team is capable of properly escalating issues and responding appropriately. A dedicated Incident Management Group is comprised of a centralized technical support team within the DC BLOX Customer Operations business unit.
Most services DC BLOX provides to customers are mission-critical to their day-to-day operations. Therefore, we have established processes that define, categorize and prioritize security incidents based upon the overall impact to the customer.
To report a concern, failure or incident, including suspected account breach, please contact our Incident Management Group using one of the following methods:
Service Portal: https://www.mydcblox.com/
Phone: 1-877-590-1684 option 2 (24×7)
In case of a security incident resulting in the unauthorized disclosure of personal information that is impacted by a state, federal or other regulation, DC BLOX will promptly notify impacted customers and authorities.
In the event DC BLOX incurs a major disaster, we have implemented contingency plans to minimize the overall impact to our customers. The Director of Data Center Operations, with the support of the Chief Operating Officer, engages a dedicated team in regular discussions regarding disaster preparedness and response procedures. Formal simulated scenarios are tested at least annually to evidence the effectiveness of our plan and ability to communicate with our customers during a widespread event.
DC BLOX implements technology and expertise to protect the high-speed optical networks in our data centers and prevent malicious traffic from entering them. Data traversing our internal networks is protected with the latest recommended secure cipher suites to encrypt traffic in transit. Ongoing monitoring of our networks is in place to ensure our facilities maintain the uptime that our customers rely on.
Recruitment and Selection Practices
DC BLOX recognizes the importance of selecting the right individuals to be a part of our operation and support our customers. We thoroughly screen all candidates under serious consideration, and employment offers are contingent upon a clear criminal history. Furthermore, we require that all employees sign non-disclosure agreements to protect the confidentiality of our customers’ information.
Reporting Unethical Behavior
If you believe that one of our personnel has acted unethically or reasonably believe that their actions constitute a violation of the law, please call 1-877-590-1684, select option 3 and ask for the head of human resources to communicate your concerns.