Skip over global navigation links

Data Center Security

The NIH Data Center provides a secure computing environment suitable for hosting critical applications and sensitive data. The Data Center’s staff members manage and monitor all host systems to ensure continued availability and effective operations. CIT’s security management program continually reviews and refines security operations.

The NIH Data Center, as a federal government facility, abides by all federal government information security policies

Physical Security

Physical and environmental controls protect the machine room itself from interruptions and unauthorized intrusions, and technical controls on all platforms provide the capability to protect applications and data from unauthorized disclosure and manipulation. A security guard is stationed at the main entrance to the Data Center 24 hours a day, seven days a week. The Data Center has a continuous power system (CPS), physical access control procedures, climate control, and a central backup and recovery system. Security management and operations procedures for all platforms to ensure the confidentiality, integrity, and availability of customer applications and data.  

Security Validation

The z/OS (Titan), Unix (EOS), and Windows systems undergo annual SSAE 16 (formerly SAS 70) Type II security audits. These audits validate the z/OS, Unix, and Windows hosting systems as suitable for hosting critical applications and sensitive data. The audits are conducted by independent auditors, under the direction of the HHS Office of Inspector General.

The SSAE 16 audit is a rigorous standard widely accepted by industry and government. The audit assures managers of financial and other applications that the NIH Data Center employs highly effective security and controls.

Disaster Recovery Program

disaster recovery program provides participating customers with facilities for continued processing in the event of an extended data center interruption.

Media Sanitization Service

CIT offers a media sanitization service through the NIH Data Center that includes degaussing and destruction of data storage media (magnetic or optical).

Further Information

For further information on general security at the NIH Data Center, see the Titan User's Guide.

Up to Top

This page last reviewed: June 18, 2012