How does Tooling U-SME handle its data and IT systems?

The short answer is — we take it seriously.

The long answer is detailed below.

Tooling U-SME is located in a state-of-the-art data center featuring Robust Power & Power Monitoring, Environmental Systems, Fire Protection Services, 24x7x365 Security, Physical Construction, Telecommunications, SAS 70, and PCI DSS compliance.

All Tooling U-SME hosting equipment is fully redundant and load balanced. This includes clustered web servers, SAN, database servers, firewalls, routers, and switches. Reliability, availability, security and scalability are ensured by the use of proven, state-of-the-art technologies from EMC®, VMWare®, Dell®, and Cisco®. Backups are automated and taken offsite to a secure location.

Robust Power & Power Monitoring

Our servers and hardware rest on an anti-static, 19-inch raised floor supplied by an Uninterruptable Power Systems (UPS). The UPS is redundantly supplied by diversely distributed utility power and backed up by a 2.1 Megawatt diesel generator with a fuel capacity of 6,800 gallons. Due to our proximity to 911 emergency services, our data center benefits by being a priority location for emergency refueling. Power levels and distribution are monitored 24x7, allowing network engineers to adjust power consumption as need to ensure optimal power availability and usage.

Environmental Systems

The data center's temperature and humidity levels are controlled via a 240 ton HVAC cooling system distributed by a pressurized downdraft system located under the raised floor.

Fire Protection Services

The data center utilizes a state-of-the-art laser air sampling detection system which is 2000 times more sensitive than conventional smoke detectors. The detection system is backed by a pre-action, double interlocked dry pipe fire protection system.

24x7x365 Security

An onsite, around-the-clock Network Operations Center monitors security and video systems 24x7x365, providing access control for physical security that patrol the premises on a regular basis. Uniformed guards control the lobby, and no access is granted to the data center during off hours without an escort.

A state-of-the-art DSX security system provides access control to authorized personnel via a proximity card and key pad at all entrances to the data center. Any violation of the security protocols triggers an alert that is sent to two redundant and geographically diverse monitoring locations.

Video surveillance is in place at all entrances to the data center and throughout key locations within the data center. Video surveillance recordings are maintained for a minimum of 90 days.

Physical Construction

The Cleveland, Ohio Collocation Data Center perimeter is constructed with two physical layers of concrete reinforced material. There are two physical layers of doors to the data center consisting of heavy gauge steel security grade construction.

Telecommunications

Fiber and telecommunications connectivity is diversely routed via separate physical building entrances and diverse conduit paths into the data center itself. All of the major global carriers with large regional network footprints are fiber terminated directly inside the Data Center.

All network services are distributed via an overhead multi-tier ladder rack system.

  • AT&T/SBC
  • Level3/ICG
  • American Fiber Systems Global Crossing
  • XO
  • Time-Warner
  • Verizon Business
  • OneCommunity
  • Third Frontier

SAS 70

SAS 70

The Statement on Auditing Standards No. 70: Service Organizations or SAS 70 is an auditing statement issued by the Auditing Institute of Certified Public Accountants (AICPA). SAS 70 defines the professional standards that a service auditor uses to assess the internal controls of a service organization when issuing a service audit report.

There are two types of reports, both of which the Tooling U-SME data center is compliant with:

  • Type I — includes the service auditor's opinion regarding the fairness of the presentation of the service organization's description of the controls that have been placed in operation and the suitability of the design of the controls to achieve the objectives of the control.
  • Type II — includes everything from the Type I report but also the service auditor's opinion regarding whether or not the controls where operating effectively during the time of the review.

PCI DSS

PCI DSS

PCI DSS is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other protective measures. Developed by major credit card companies, PCI DSS is a guideline designed to help organizations process credit card information. The Tooling U-SME data center is PCI DSS compliant.