Are your servers separated from other companies via a physical barrier, such as a cage or hard walls?
Explanation
Physical isolation in the datacenter is what's being verified: whether your servers are separated from other companies' equipment by barriers such as cages or hard walls.
Why it matters: Physical separation is a critical security control that prevents unauthorized physical access to your servers by other tenants in a shared datacenter environment. Without proper physical barriers, someone with legitimate access to the datacenter (like another customer's technician) could potentially access, tamper with, or damage your equipment. Physical security is a fundamental layer in a defense-in-depth security strategy.
The question is asked in security assessments because physical access to servers can bypass many software-based security controls. An attacker with physical access could install hardware keyloggers, extract storage devices, manipulate hardware, or even steal equipment containing sensitive data. Educational institutions want to ensure their data is protected not just from cyber threats but also from physical threats.
When answering this question, you should describe:
- The type of physical barriers used (cages, hard walls, locked cabinets, etc.)
- Access controls to these barriers (who has access and how it's controlled)
- Whether you use a third-party datacenter and their physical separation practices
- Any additional physical security measures that complement the barriers
Example Responses
Example Response 1
Yes, our servers are housed in dedicated cages within our colocation facilities These cages use metal mesh walls that extend from the floor to the ceiling, creating complete physical separation from other tenants' equipment Access to our cages requires both electronic key card authentication and physical keys that are only held by authorized members of our infrastructure team Additionally, the datacenter itself employs 24/7 security personnel, CCTV monitoring, and maintains logs of all physical access to our equipment areas.
Example Response 2
Yes, our company utilizes AWS dedicated hosting services for our infrastructure While we don't directly manage the physical servers, AWS maintains strict physical separation between customer equipment in their datacenters According to their compliance documentation, servers are housed in separate locked cabinets within secure areas that feature hard walls and multiple layers of physical access controls AWS datacenters are SOC 2 Type II and ISO 27001 certified, which includes verification of their physical security controls We receive attestation reports annually confirming these controls remain in place.
Example Response 3
No, our servers are currently housed in a shared rack environment within our datacenter provider's facility While the facility itself has perimeter security controls including badge access and security personnel, our specific servers are not separated from other customers' equipment by physical barriers such as cages or hard walls Instead, we rely on logical security controls and encryption to protect our data We recognize this physical security limitation and are evaluating options to migrate to a caged environment or private suite within the next fiscal year as part of our security enhancement roadmap.
Context
- Tab
- Infrastructure
- Category
- Datacenter
Related questions
- Select your hosting option.
- Is a SOC 2 Type 2 report available for the hosting environment?
- Are you generally able to accommodate storing each institution's data within its geographic region?
- Are the data centers staffed 24 hours a day, seven days a week (i.e., 24 x 7 x 365)?
- Does a physical barrier fully enclose the physical space, preventing unauthorized physical contact with any of your devices?
- Are your primary and secondary data centers geographically diverse?

