Security

The Centre for Advanced Computing (CAC) at Queen’s University specializes in secure advanced computing resources and support for academic and medical clients. CAC operates a high-security, high-availability data centre as part of the Compute Canada and Compute Ontario family.

We operate both large central compute and storage clusters and smaller segregated networks designed with security and privacy in mind. Our services range from client-managed on-premises hardware, through Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), to Software-as-a-Service (SaaS), where CAC manages all software and hardware requirements.

This security and privacy overview outlines the safeguards used in the protection of information assets at CAC. CAC complies with a variety of frameworks and standards, including those of Queen’s University, ISO 27002, and PHIPA, in order to help protect the confidential information it hosts, including intellectual property (IP) and personal health information (PHI).

Administrative Safeguards

  • CAC’s data centre and its infrastructure are designed and operated with security in mind.
  • Following the principle of least privilege, physical access is controlled and limited to a small number of select CAC staff.
  • The data centre has a controlled entrance for customers, with visitor sign in and escort.
  • All CAC staff have regular criminal background checks.
  • All CAC staff sign our non-disclosure agreement.
  • All CAC staff undergo regular security awareness training.
  • CAC staff with privileged access are given additional security training.
  • CAC maintains written and adapted Security Policies.
  • CAC makes sure our clients are well informed. We follow incident-reporting procedures to handle issues related to security and privacy.
  • CAC has on-call staff for emergencies.

Technical Safeguards

  • Sensitive data is transmitted using industry standard encryption technologies.
  • Our secure websites use certificates from trusted Certificate Authorities and are configured to use strong protocols and ciphers.
  • VPN certificates use a key length of at least 2048 bits and SHA-2 as their hashing algorithm. Two-factor authentication is used to protect VPN credentials, while AES-256 is used to encrypt tunnel traffic.
  • CAC manages dedicated firewalls used to provide secure boundaries for client networks.
  • CAC event management collects logs and statistics from core nodes.
  • CAC manages a next-generation backup system offering dual encrypted backups using IBM’s flagship product Spectrum Protect.
  • CAC conducts vulnerability assessments on core websites and services for clients.

Physical Safeguards

  • CAC operates its facilities using defined security perimeters with entry control.
  • CAC’s data centre is equipped with large UPS systems in an (n+1) configuration.
  • CAC has an on-site 500 kW generator with 24 hours of fuel and a refuelling strategy.
  • An FM-200 suppression system protects the infrastructure from the threat of fire.
  • We have multiple air conditioning units equipped with redundant compressors capable of maintaining the ideal temperature and humidity in the data centre.
  • Cameras record activity in the data centre and maintain recordings for at least 90 days.
  • We have 24/7 third-party monitoring for security and environmental alarms such as intrusion, fire, heat, humidity and water.
  • CAC’s data centre has 10GB network connectivity, including links to ORION and multiple commercial Internet providers.