Physical Data Center Security

Leading2Lean utilizes Amazon Web Services for Data Center Services due to their industry best practices and certifications. The following is from the Amazon AWS Security Website.

At a high level, we’ve taken the following approach to secure the AWS infrastructure:

• Certifications and Accreditations: AWS has in the past successfully completed multiple SAS70 Type II audits, and as of September 30, 2011 publishes a Service Organization Controls 1 (SOC 1) report, published under both the SSAE 16 and the ISAE 3402 professional standards. In addition, AWS has achieved ISO 27001 certification, has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS), and has completed the control implementation and independent security testing required to operate at the FISMA-Moderate level. We will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of our infrastructure and services. For more information on risk and compliance activities in the AWS cloud, consult the Amazon Web Services: Risk and Compliance whitepaper.
• Physical Security: Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.
• Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. For more information about the security capabilities of each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.
• Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS. For more information on the data privacy and backup procedures for each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper referenced above.

Certifications and Accreditations

• SOC 1/SSAE 16/ISAE 3402
• FISMA Moderate (AWS has also been certified and accredited to operate at the FISMA-Low level.)
• PCI DSS Level 1
• ISO 27001
• International Traffic In Arms Compliance
• FIPS 140-2
• HIPAA