
I am doing some investigation on hosting sensitive data. Mostly finance and fund data but at a personal level. This will be a secure website where users will be able to login and view their fund data. Backups are needed but source data will reside in an offline database and will be transferred to this site on a monthly/quarterly basis (not sure at the moment how). Credit card data storage is not required at this time.

I'm trying to figure out what I need to look for when selecting a host from physical security to data security. What are some considerations to take into account when looking for a host? SAS 70? Any others?

Asked by jdruid (edited by Rory Alsop)
  • What exactly do you mean by hosting in this context? Storing in the cloud so you can get to it from multiple machines? Or making the data available for other people to download? Or backing up off-site? I notice a PCI-DSS tag, are you putting other people's credit card data there? – Graham Hill Mar 01 '12 at 15:39
  • Sorry. I guess I should have been more specific. This will be a secure website where users will be able to login and view their fund data. Backups are needed but source data will reside in an offline database and will be transferred to this site on a monthly/quarterly basis (not sure at the moment how). CC is not required at this time. I'm trying to figure out what I need to look for when selecting a host from physical security to data security. Thanks in advance – jdruid Mar 01 '12 at 16:09
  • @Joshua - popped your comment into the question and removed pci tag, as it won't be appropriate if you aren't doing anything with CC data – Rory Alsop Mar 01 '12 at 19:06

1 Answer


You will want to make sure that all associated vendors have either a SAS70 type 2 or SSAE16 that is up to date. This should provide you with a list of the physical and technical security controls in place, and their effectiveness.

Answered by bolda