
Shoptech and Rackspace

Shoptech takes the responsibility of hosting your data very seriously. That’s why we partnered with the most reliable cloud management company in the business: Rackspace. Rackspace has unmatched standards within the industry when it comes to security and reliability. Their approach is designed to keep your business running fast, lean, and secure, and comes with an industry-leading 100% Network Uptime Guarantee.

Physical Security

  • Data center access is limited to only authorized personnel
  • Badges and biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • Access and video surveillance log retention
  • 24x7x365 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain a low profile
  • Physical security audited by independent firms annually

Environmental Controls

  • Dual power paths into facilities
  • Uninterruptible Power Supplies (minimum N+1)
  • Diesel Generators (minimum N+1)
  • Service agreements with fuel suppliers in place
  • HVAC (minimum N+1)
  • VESDA / Fire Suppression
  • Flood detection
  • Continuous facility monitoring

Network Infrastructure

  • High-performance bandwidth provided by multiple network providers
  • Elimination of single points of failure throughout shared network infrastructure
  • Cables properly trunked and secured
  • Proactive network management methodology monitors network route efficiency
  • Real-time topology and configuration improvements to adjust for anomalies
  • Network uptime backed by Service Level Agreements
  • Network management performed by only authorized personnel

Human Resources

  • Background screening performed on employees with access to customer accounts
  • Employees are required to sign Non-Disclosure and Confidentiality Agreements
  • Employees undergo mandatory security awareness training upon employment and annually thereafter

Operations Security

  • ISO 27001/2 based policies, reviewed at least annually
  • Documented infrastructure Change Management procedures
  • Secure document and media destruction
  • Incident Management function
  • Business Continuity Plan focused on availability of infrastructure
  • Independent Reviews performed by third parties
  • Continuous monitoring and improvement of security program anomalies

Security Organization

  • Security management responsibilities assigned to Global Security Services
  • Chief Security Officer oversight of Security Operations and Governance, Risk, and Compliance activities
  • Direct involvement with Incident Management, Change Management, and Business Continuity

RACKSPACE® SECURITY ASSESSMENTS AND COMPLIANCE

Rackspace maintains various certifications to assist you in verifying the security policies and processes Rackspace has in place for the environment of your hosted infrastructure. Rackspace has been assessed and holds validation for the following compliance frameworks:

  • ISO 27001
  • SSAE 16 and ISAE 3402 (Previously SAS 70 Type II)
  • PCI DSS
  • Safe Harbor (export.gov)

It's important to note that Rackspace certifications do not make you compliant with your specific regulatory and compliance requirements.

Operations Security

The Rackspace ISO 27001 certified Information Security Management System (ISMS) is an iterative management system that helps ensure that security policies and processes are effective in mitigating identified risks.

SSAE 16 and ISAE 3402

The global Rackspace Type II SOC1 report can be used to satisfy requirements under both the SSAE 16 and ISAE 3402 standards.

PCI DSS

A Qualified Security Assessor (QSA) validates Rackspace as being a PCI DSS Level 1 Service Provider. The QSA validation of our compliance with the PCI DSS covers:

  • Physical security for Rackspace data centers located in:
      – United Kingdom
      – Hong Kong
      – United States
  • Network infrastructure (routers and switches)
  • Rackspace employee access to network devices

Please note that simply hosting a solution with Rackspace does not make you PCI-DSS compliant.