We provide security and compliance services designed to help protect Rackspace information and physical resources. This effort also focuses on ensuring that Rackspace has controls in place to manage the risk of interruptions that may impact our service level commitments to you.
Our security organization, Rackspace Global Security Services, is responsible for setting objectives for information security management to preserve our commitment to our customers. This includes setting policies in the following areas:
The policy establishes Rackspace's direction and support for information security and sets a risk management framework that is in accordance with business requirements and relevant laws and regulations.
To download our Commitment To Security Policy, click here.
This area focuses on achieving and maintaining appropriate protection of Rackspace's critical infrastructure required for its service delivery.
Controls to ensure that all Rackspace employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered.
To prevent unauthorized physical access, damage, and interference to our organization's premises and information.
Framework to ensure only approved users are granted access to appropriate systems and resources.
Policies and processes aimed at making sure information security events and weaknesses are communicated in a manner allowing timely corrective action.
Our team gives immediate attention to any report of security issues. Learn about our security disclosure process and how to submit a security vulnerability report.
To execute the plans defined in the control objectives above, Rackspace uses the best practices described in the ISO 27002 security standard. This standard is recognized globally as the most comprehensive framework for establishing and maintaining information security best practices within an organization. As these controls are essential to our security posture, we refrain from describing them in detail on publicly available documents. For further insight into these controls, customers and prospects can view this information on our Service Organization Control 1 (SOC 1) report, which is available under the appropriate confidentiality agreements.
The compliance and validation phase is an important collection of audit and review activities that provide assurances that our implemented controls are designed and operating effectively and aligned with the policies set by the security organization. Learn more about the compliance certifications that Rackspace currently maintains.
Rackspace has invested significant resources to ensure it can detect and respond to security events and incidents that impact its infrastructure. It is key to point out that this function does not involve actively monitoring individual customer solutions, but the overarching networking and physical environment including the monitoring of internal networks and employee access customer environments.
Security operations at Rackspace ensure that:
This function of our security management system drives continuous improvement of the practices and models we implement to protect Rackspace infrastructure.
An effective mitigation of risks of a cloud solution requires a combination of a secure application architecture and security management disciplines within the service provider. Security Management at Rackspace involves the coordination of the security organization, security controls, and compliance and security operations.
“Card providers, banks and financial bodies now demand a stringent level of security on all remote transactions and the totally secure storage of transaction data. It was with this in mind that we chose Rackspace® Hosting as our hosting partner for the project. We had already gained experience of Rackspace capabilities from within Deloitte and involvement with other high level projects. Their PCI compliance and Fanatical Support® promise sealed the partnership.”
Aingaran Somaskandarajah Technical Lead, Oyster Card