DCTR-04

Are the data centers staffed 24 hours a day, seven days a week (i.e., 24 x 7 x 365)?

Explanation

This question is asking whether your data centers have personnel physically present at all times, without any gaps in coverage. Why this matters for security: 1. Physical security is a critical layer of defense - having staff onsite 24/7/365 means there are always people available to respond to physical security incidents (unauthorized access attempts, break-ins, etc.) 2. Continuous monitoring allows for immediate response to environmental threats like fires, flooding, or power issues that could impact data availability and integrity 3. Technical issues that require physical intervention can be addressed promptly at any time, reducing potential downtime 4. Regulatory compliance often requires specific levels of physical security controls, including staffing requirements When answering this question, be specific about your staffing model. If you use a third-party data center provider (like AWS, Azure, Google Cloud), you should indicate this and reference their staffing practices. If you maintain your own data centers, provide details about your staffing schedule, including any contingency plans for holidays or emergencies. If you have multiple data centers with different staffing models, clarify this in your response.

Example Responses

Example Response 1

Yes, all of our production data centers are staffed 24 hours a day, 7 days a week, 365 days a year We maintain a minimum of three security personnel and two technical operations staff onsite at all times, including holidays and weekends Each shift has clearly defined responsibilities for physical security monitoring, access control management, and emergency response We also have documented procedures for shift handovers to ensure continuous coverage and situational awareness.

Example Response 2

Yes, our company utilizes Amazon Web Services (AWS) for our cloud infrastructure According to AWS's security documentation, all AWS data centers are staffed 24/7/365 with trained security personnel Additionally, we maintain our own Network Operations Center (NOC) that is staffed 24/7/365 to monitor our systems and applications, though our NOC staff are not physically present at the AWS data centers For more detailed information about AWS's physical security controls, we can provide their compliance documentation upon request.

Example Response 3

No, our data centers are not staffed 24/7/365 We maintain onsite security and technical personnel during business hours (8:00 AM to 6:00 PM local time) Monday through Friday Outside of these hours, we rely on automated monitoring systems, remote alerts, and an on-call rotation of technical staff who can respond to incidents within 30 minutes Our facilities are equipped with comprehensive physical security controls including badge access systems, CCTV monitoring, intrusion detection systems, and environmental monitoring that alert the on-call team in case of any issues While this approach has been sufficient for our current risk profile and customer requirements, we recognize that 24/7 staffing would provide additional security benefits and are evaluating this option for future implementation.

Context

Tab
Infrastructure
Category
Datacenter

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron