Compliant Hosting Processes
Protecting the confidentiality, availability and integrity of sensitive data requires the coordination of everyone involved in the acquisition, deployment, maintenance and disposal of IT systems used to store and manipulate the data. OnRamp uses a variety of Compliant Hosting Processes (below) to ensure that our interaction with your sensitive data occurs in an auditable, compliant fashion.
- Systems Development Life Cycle – OnRamp maintains a Systems Development Life Cycle process that governs the acquisition, deployment, maintenance and disposal of equipment exposed to sensitive data.
- Media Sanitization – OnRamp enforces a strict Media Sanitization Policy that is compliant with NIST standards for appropriately rendering storage media unreadable and unrecoverable.
- Risk Analysis – OnRamp regularly analyzes its own policies, processes and procedures to ensure that threats and vulnerabilities are identified and appropriately addressed.
- Breach Notification Procedures – OnRamp regularly trains all personnel on the procedures to notify customers in the event a security breach occurs with their infrastructure.
- Safe Harbor Analysis – OnRamp assists customers in determining how to appropriately protect data at rest and data in transit to qualify for the “safe harbors” that exist in regulatory law for breach notification.
OnRamp embodies a culture that emphasizes security. As SSAE 16 SOC II, PCI and HIPAA facilities, OnRamp’s Data Centers are regularly scrutinized on their physical security by third-party experts. Signage on public-facing building frontage is kept to a functional minimum and our facilities are under surveillance 24/7/365. Our Data Centers are accessed only by two-factor authentication, using a combination of card keys and biometric scanners. Visitors enter a bulletproof mantrap, where they are authenticated – a process in which OnRamp personnel match photo ID with records of authorized visitor lists. Visitors who are authenticated must surrender their photo ID to the NOC personnel before being granted access to the Data Center and escorted by a member of the OnRamp NOC staff to their equipment. Once inside the facility, visitors are monitored at all times by over 30 cameras which stream to hard drives in the NOC. OnRamp maintains at least 90 days of video as part of our external audits and certification processes.
- 24/7 Video Surveillance
- Biometric Access
- Dual Factor Authentication
- Private Locking Racks
- Intrusion Detection
- 24/7 OnSite Engineers
All of OnRamp’s security systems are monitored 24/7 and activities are logged according to stringent controls which are audited by a third party. The SSAE 16 SOC II audit generally includes controls over information technology and related processes, policies and procedures, including operational activities, and validates that everything is performing at optimal standards regarding security, availability and operating integrity. Multiple layers of security are employed for OnRamp’s managed infrastructure, including firewalls and intrusion detection.
OnRamp can deploy effective intrusion detection monitoring tailored to the requirements of each customer by providing managed intrusion detection systems on selected Cisco firewalls for customers who desire the ability to actively detect malicious activity on their network.