Compliance

SOC 2 Type 2 Compliance

SOC 2 is a reporting option specifically designed for entities such as data centers, software as a service (SaaS) vendors, and other technology and cloud-computing based businesses. SOC, or Service Organization Controls, focuses on the internal controls at an organization that are relevant to security, availability, processing integrity, confidentiality and privacy. SOC 2 compliance attests that DC BLOX has put in place the necessary internal controls to prove to its clients that their data is being handled securely and in accordance with industry standards.

DC BLOX meets SOC 2 Type 2 compliance requirements. Type 2 reporting assesses evidence of compliance over time showing that the assessed organization consistently meets its goals.

SOC2 Type 1 Certification logo

Security Assurance

DC BLOX was founded on the principle of trust and a commitment to building highly secure data centers for our customers. As we continue to expand into new markets in the Southeastern United States, we remain focused on delivering scalable infrastructure, top-performing connectivity, and proven power service availability in our facilities.

As a service organization, we recognize that entrusting DC BLOX as your data center provider is an important decision. Therefore, we have continued to invest in a layered approach to safeguard each of our facilities from perimeter to process.

To validate the effectiveness of our security program and operations, we engaged an independent auditor to assess our compliance with a framework specifically designed for organizations like DC BLOX. Year after year, we continue to maintain our compliance with the SOC 2 / SSAE 18 standard which outlines our philosophy and approach for physically securing our data centers, environmental protection for equipment, personnel practices, and vendor risk, among other principles.

Our external auditing firm provides us with a non-confidential report on compliance called a SOC 3 report. View the most recent copy of the DC BLOX SOC 3 report.

Key Principles

Information Security Management

DC BLOX maintains a team of individuals led by a Director of Security and Compliance that oversee and govern our security program. These individuals have defined roles to manage all security-related activities and responsibilities, to ensure our service delivery is undertaken in a manner consistent with all applicable standards, regulations, and contracts, as well as DC BLOX security policies.

Physical Security

Exterior perimeters and interior areas of our facilities are monitored 24 hours a day by security guards and experienced DC BLOX personnel to avoid unauthorized access to the grounds. Layered physical access to DC BLOX data centers is controlled through a standard process and access control systems to protect customer assets. Every individual is required to record their full name, employer, and purpose for their visit which then must be approved by a DC BLOX employee who is authorized to sign non-employees into the facility. Building doors throughout the site are locked using a combination of electronic access control cards and biometrics systems to protect secure areas of the facility.

Change Management

DC BLOX is successful at meeting our service level agreements largely in part because we observe a standardized change control procedure. All new equipment installations or modifications to existing equipment are performed carefully, with management approval and during pre-defined maintenance windows. It is our top priority to ensure we protect the reliability and availability of DC BLOX services while avoiding customer disruptions during routine work.

Incident Response

DC BLOX maintains a documented incident response plan to ensure our team is capable of properly escalating issues and responding appropriately. A dedicated Incident Management Group is comprised of a centralized technical support team within the DC BLOX Customer Operations business unit.

Most services DC BLOX provides to customers are mission-critical to their day-to-day operations. Therefore, we have established processes that define, categorize and prioritize security incidents based upon the overall impact to the customer.

To report a concern, failure or incident, including suspected account breach, please contact our Incident Management Group using one of the following methods:

Service Portal: https://www.mydcblox.com/
Phone: 1-877-590-1684 option 2 (24×7)
Email: nocsupport@dcblox.com

In case of a security incident resulting in the unauthorized disclosure of personal information that is impacted by a state, federal or other regulation, DC BLOX will promptly notify impacted customers and authorities.

Disaster Recovery

In the event DC BLOX incurs a major disaster, we have implemented contingency plans to minimize the overall impact to our customers. The Director of Data Center Operations along with the support of the Chief Operating Officer, engage a dedicated team in regular discussions regarding disaster preparedness and response procedures. Formal simulated scenarios are tested at least annually to evidence the effectiveness of our plan and ability to communicate with our customers during a widespread event.

Network Monitoring

DC BLOX implements technology and expertise to protect the high-speed optical networks in our data centers and prevent malicious traffic from entering them. Data traversing our internal networks are protected with the latest recommended secure cipher suites to encrypt traffic in transit. On-going monitoring of our networks is intact to ensure our facilities maintain the uptime that our customers rely on.

Recruitment and Selection Practices

DC BLOX recognizes the importance of selecting the right individuals to be a part of our operation and support our customers. We thoroughly screen all candidates under serious consideration and employment offers are contingent upon a clear criminal history. Furthermore, we require that all employees sign non-disclosure agreements to protect the confidentiality of our customer’s information.

Reporting Unethical Behavior

If you believe that one of our personnel has acted unethically or reasonably believe that their actions constitute a violation of the law, please call 1-877-590-1684, select option 3 and ask for the head of human resources to communicate your concerns