Off-Site Data Protection Storage Guidelines
All members of the Northwestern Community and users of the University network.
Off-site storage requirements and procedures for sensitive media
It is important for NUIT and unit representatives responsible for their department's backup and recovery procedures to deploy measures that are synchronized with those acceptable to the University's central administration. This guideline identifies an approved data protection provider and defines standards for off-site data protection services.
1. Data Protection Services
1.1 Iron Mountain Off-Site Data Protection
Though we realize there are several providers who meet the University's stated requirements, there are benefits of scale in going with a single provider. Currently, this is the vendor recommended by Information Technology that meets the data protection needs of the University and is price/performance favorable:
Iron Mountain Off-Site Data Protection
500 Frontier Way Bensenville, IL 60106
The person to contact to set up your agreement for off-site data storage and who is responsible for handling Northwestern University accounts is listed below:
Lynn Zimmerman, Account Representative
Iron Mountain Off-Site Data Protection
Phone: (630) 630-285-0080 Fax: (630) 595-2287
1.2 Program Descriptions
For those unfamiliar with off-site storage programs, here are some definitions and descriptions to help clarify the terms frequently used. In general, the vendor provides a pick up and drop off service. The media retention period (how long media will be stored off-site) is pre-determined by the customer. The routine is established between the two parties, and the fees incurred are based upon the frequency of the pick up/drop off service and the number of containers that are needed. To meet data protection audit requirements, a grandfather-father-son media rotation is generally followed.
Closed Container Program: Iron Mountain rotates the container by its retention date. Iron Mountain picks up the locked container from the customer and stores it unopened at its vaulting facility. Iron Mountain does not interact with the media inside the Closed Container. The container has a single retention date, hence, the entire contents have the same retention date. Iron Mountain can provide information on which containers you have stored at their facility. Detail of the contents is the customer's responsibility.
Open Container Program: Iron Mountain rotates individual tapes by their retention date. Iron Mountain picks up the locked container from the customer, unlocks the container at its facility, and the media is slotted inside the customer's designated vault space. This interaction with the media is called an Open Container environment. Each tape within the Transport Container can have its own retention date. Iron Mountain can provide exact information on the media you have stored at their facility.
| Types of Containers | Tape Capacity |
|---|---|
| 4mm Containers (Transport or Closed Containers) | Up to 26 4mm tapes |
| Small 8mm Containers (Transport or Closed Containers) | Up to 14 8mm tapes |
| Large 8mm Containers (Transport or Closed Containers) | Up to 22 8mm tapes |
| DLT Containers (Transport or Closed Containers) | Up to 21 DLT tapes |
1.3 Rates and Fees
Northwestern University rates are discounted 18% off the regular Iron Mountain fee structure. Under the current terms, a closed container program using 4 rotated containers with pick up/drop off service once per week would cost approximately $90 per month. Fees can be increased or decreased by raising or lowering the frequency of the pick up/drop off service.
Today's pricing structure is valid through June 30, 2020. Rates are reviewed by the vendor on an annual basis.
2. Budget Responsibilities
The individual departments are responsible for establishing budgetary funding and assuming the ongoing costs for their off-site data protection program. Though not intended as a mandate, this Guideline may be utilized as supporting documentation for approving necessary funds.
This instrument heightens the awareness of the need for off-site retention of application and data file backups and defines acceptable standards for off-site storage. However, the compliance decision as well as the risks for non-compliance must be weighed and borne by the individual departments.
Standards for Off-Site Data Protection Services
1. Remote Facility Protection Specifications
1.1 Company Philosophy
Vendors must show they understand the value of our critical data processing records. They should demonstrate a total commitment to the protection of these records through complete reduction of the risks and exposures that cause data loss. A commitment should be demonstrated, not only to the University's data center, but also to the entire organization and its business units.
1.2 Company History/Experience
A vendor should supply a list of references that may be called to verify its service track record. The vendor must be capable of providing all services and meeting all specifications stated in this document. The vendor must also illustrate its history and experience in providing these services and list any other areas in the United States where it owns a facility for these services. The vendor may also illustrate on an addendum other value-added benefits offered which we should know about, such as education, training, etc.
1.3 Referenced industry experts for off-site standards
NFPA - The National Fire Protection Association
ACRC - Association for Commercial Records Centers
DOD - The Department of Defense
NIST - The National Institute of Standards and Technology
UL - Underwriters Laboratories
NRC - The Nuclear Regulatory Commission
FFIEC - Federal Financial Institutions Examination Council
Facility location should minimize the risk of potential data loss and should meet the location requirements set by industry experts and common sense.
- Away from 100-year flood plain and known fault lines
- Away from statistically high crime and fire areas; must not be within Chicago, IL, city limits
- Must not have any gas lines entering entire building
- Away from above-ground fuel storage tanks
- Away from industrial train routes
- Must be accessible to multiple routes for entry and egress
- Away from banks or shops that house/sell valuables (jewelry, etc.)
- Must be at least 5 miles from computer location
- Must be in a single-story dwelling
- Entire building must have 100% fire suppression coverage (includes any neighbors)
- Must be access controlled (includes any neighbors)
- Must be in close proximity to police and fire stations
- Must be in low-profile area away from high traffic routes
Facility and vault construction should minimize the risk of potential data loss and should meet the construction requirements set by industry experts and common sense.
- Must be a single-story building
- Vaults must be constructed above-grade (in-grade is not acceptable)
- Entire building (includes any neighbors) must be a secured/inaccessible facility
- Facility entrance should have a man-trap entry system
- Truck loading area must have a secured, double door entry system
- No gas lines (includes any neighbors) in or around facility
- No water pipes over or under vaulting areas
- No pipes inside vault other than fire suppression and electrical support
- Vault construction should be steel-reinforced concrete
- Must use industry approved vault doors
- Vaults must meet NFPA fire rating of 4 hours
- Each vault must have a dedicated alarm, Halon system and HVAC unit
- Vault floors must utilize an anti-dust floor agent
- HVAC units must be located outside vault
- Entire facility must be designed to achieve non-combustibility
- All racking in vaults must be cross-braced for seismic activity
- Vaults must be certified to protect from all magnetic threats (up to 500 Tesla)
- Administrative areas are separated from the vaulting areas
- Facility must be completely unmarked and assume a low profile
Facility environment should minimize the risk of potential data loss and should meet environmental requirements set by industry experts and common sense.
- No bulk-paper is to be stored near the media vault
- Each vault must maintain acceptable temperature (60 - 70 degrees F)
- Each vault must maintain acceptable humidity (35% - 45%)
- Temperature and humidity levels must be monitored using a hygrometer
- Each vault must be tied directly to an alarm company to detect temperature variances
- Permanent hygrometer records are kept for the temperature and humidity levels
Facility alarms should minimize the risk of potential data loss and should meet alarm requirements set by industry experts and common sense. Connecting neighbors, if any, should also have alarm protection.
- Facility should have two separate alarm systems utilizing 2 separate security companies
- Immediate notification / response from authorities is mandatory for all alarms
- Detection of fire, water, motion, sound, vibration, magnetic door contact, window breakage and improper access code entry
- Alarms should use employee codes that cannot be lost, stolen or misplaced
- Alarm systems should provide an audit trail listing of activity
- Closed circuit television monitoring the interior and exterior of the facility
- Each media vault should have a dedicated, fully functioning alarm system
- All alarm systems should have a power back-up
- Security companies utilized should be on different power grids
3.1 Construction, Environment, Alarms
Vehicles should minimize the risk of potential data loss during transit and should meet data protection vehicle requirements set by industry experts and common sense.
- Each vehicle must be owned by vendor
- Each vehicle must be retrofitted for protecting magnetic media and must only be used for transporting magnetic media
- Insulated shells, designed to minimize temperature fluctuations, must be used
- E-tracking within the vehicle cargo area should be utilized to secure all carts and containers during transportation
- Cargo area of vehicle must be separate from main cab
- Each vehicle cargo area must have heating / air-conditioning
- Each vehicle must be equipped with a halon fire suppression unit
- Vehicles must not have windows in cargo area
- Vehicles must be completely unmarked
- Vehicles must have mobile phones
- Vehicles must undergo daily inspection/maintenance (logs should be maintained)
- All vehicles must have a self-alarming security system
- Vehicles must be locked and alarmed at all times while unattended
Containers should minimize the risk of potential data loss and should meet media container standards set by industry experts and common sense.
- Must use at least .22 gauge steel containers and carts
- Containers should be foam lined and specific for each media type
- Containers / carts must be locked at all times during transit
- Keys shall be in the possession of the customer
- Containers must be water-resistant, shatter-resistant and fire-resistant
- Containers must have a unique label so as not to identify customer or contents
5. Procedures and Operating Practices
Security and authorization procedures should be designed to minimize the risks and exposures of potentially losing critical data and should meet requirements set by industry experts and common sense.
5.1.1 At Vendor Site
- Media must not be co-mingled with other customers; segregated storage racks must be provided for each customer
- Facility must only be used in accordance with its local county/city provisions
- Access codes and combinations to vault doors and alarms must only be issued to operations employees whose responsibilities require access
- Vault doors must remain closed at all times and vaults must be alarmed when vacant
- Facility access must be restricted to employees, clients, prospects, and necessary vendors
- All visitors must be escorted by a bonded representative at all times
- Media must only be transported to vendor facility by vendor employees
- Multiple levels of authorization must be used to control who can interact with customer critical records and at what level for both day-to-day interaction and actual emergency situations
- Authorization list must be secured and maintained
- Vendor should supply authorization update forms a minimum of four times a year
- Media should be handled behind closed doors only
5.1.2 At Customer Site
- Unique authorization cards and codes indicating each employee's level of access must be utilized
- Authorization cards must be presented prior to any transaction taking place at customer location or a recovery site
- Higher levels of authorization must be used to verify unusual requests or to confirm the release of records to an alternate site during a disaster
- Signatures during media exchanges must be verified in person
5.2 Disaster Recovery
Disaster Recovery procedures should reduce the potential risks and exposures of losing critical data and should meet requirements set by industry experts and common sense.
- Vendor must have maximum 2-hour response on local emergency requests
- Vendor must have extensive experience in assisting in actual disasters and test scenarios
- A back-up storage facility meeting industry standards must be available within 50 miles
- Additional vehicles / resources must be readily available in the event of a disaster
- Vendor must have a written DR plan for its own facility
- Vendor must have arrangements to provide offsite storage services from the hot site should the data center have the need to relocate for an emergency situation
- Vendor must be able to provide air transport media containers for flying media anywhere in the United States
Technology should be used where necessary to enhance the quality of service provided and, if applicable, must be available for sale to the customer.
- Vendor must be able to provide a bar code solution for tape movement
- Vendor must be able to provide electronic file transfer
- Vendor must be able to provide paperless interaction software for customer
Facilities, vehicles and procedures are useless without quality people who adhere to them without exception. The following employee requirements must be a standard part of the vendor's process.
- Employee selection must include: interview process, reference checks, criminal record check, driving record verification and drug screening (to be performed prior to employment)
- All representatives should be given a monthly performance evaluation to ensure the highest level of service and continue the education process
- All representatives must be bonded
- Employee drug testing must be performed on an unscheduled basis
Important Dates
Original Issue Date:
- May 1998
- June 2003, November 2019