Security, protection standards and Server Fortress

Server Fortress has been tested and approved  by LPCB to LPS 1175, security rating 2; certificate number 1465a, Issue 07.


LPCB (Loss Prevention Certification Board) LPS (Loss Prevention Standard) 1175, security rating 2 - Specification for testing and classifying physical protection devices for personal computers and similar equipment - Product suitable for high security storage of servers and other computer equipment.

 

 

Comparison document for all the various security standards being used across Europe. LPS 1175, security rating level 2 (which Server Fortress has achieved) is the equivalent of EN 1627 and PAS 24 - SR
LPS1175 BRE comparison with other EU sta[...]
Adobe Acrobat document [3.5 MB]

Server Fortress can help the complete data centre’s infrastructure reach a set level of protection such as IL3 (BIL3). It would form one of the levels of physical protection. Note, other outer layers of portection may also be required. The HMG Security Policy Framework, Version 11.0 – October 2013 issued by The Cabinet Offfice states the following –


Point 55

‘The “defence in depth‟ or “layered‟ approach to security starts with the protection of the asset itself (e.g. creation, access and storage), then proceeds progressively outwards to include the building, estate and perimeter of the establishment. The type and mix of physical and procedural controls will vary depending on the organisation’s particular circumstances and business requirements, the nature and level of any threats (terrorism, forced break-ins, covert entry, crime etc) and the cost-effectiveness of the controls. The location and layout of each.’

As stated above protection needs to start as close to the asset as possible and then be layered outwards. Server Fortress with its LPS 1175, security level 2, certificate is therefore a great starting point for this layered approach.

For information only

United Kingdom Business Impact Levels (BIL)

An Introduction to Business Impact Levels

The Security Policy Framework (SPF) sets out new responsibilities regarding the Protective Security and Risk Management required within Government Departments and Agencies whilst recognising the wider implication for the Commercial Sector which plays an increasingly intimate role within the UK Government matrix, as well as making up the core sectors within the Critical National Infrastructure (energy, water, agriculture, etc). Similarly, organisations such as the National Health Service, Police forces and local Government all handle Government Assets on a regular basis.

The SPF specifies the key elements within the Government’s Protective Security System, which details the minimum mandatory requirements relating to the Handling of Personal Data and Managing Information Risk within Government Departments. These requirements are formalised within a new Information Assurance Standard - IA Standard no.6.

The enclosed has been prepared by Don Ruffles Limited using commercially available documentation specifically for the ShreddingMachines.co.uk and Degaussers.eu websites due to the high number of prospects requesting explanations. The enclosed should only be used as a guideline only, as it is implicitly recognised that all Organisations should consult with their Security Advisors for specific advice on their individual Requirements Alternatively discuss with Don Ruffles Limited expert advisors for specific advice - 0845 5555 007

View full details of CESG/Cabinet Office Business Impact Level Tables issue no.3.5 Oct 09 here

An example of Business Impact Level may include:

Business Impact Level 0 (BIL0) - NO IMPACT

Not likely to cause any specific loss but may cause some embarrassment if information were to fall into the wrong hands.

Business Impact Level 1 (BIL1) - UNCLASSIFIED or NON PROTECTIVELY MARKED assets

To cause a Financial Loss to the Public Sector of up to £1,000.00

Likely to cause a Minor Financial Loss to any party - for example under £100.00 for an Individual or Sole Trader or up to £1,000.00 for a Larger Business

Business Impact Level 2 (BIL2) - Criteria for assessing PROTECT (Sub-national security marking) assets:

Likely to cause distress to individuals
Breach proper undertakings to maintain the confidence of information provided by third parties
Breach statutory restrictions on the disclosure of information
Cause financial loss or loss of earning potential, or to facilitate improper gain
Unfair advantage for individuals or companies
Prejudice the investigation or facilitate the commission of crime
Disadvantage government in commercial or policy negotiations with others
Likely to cause inconvenience or loss to an individual or
Would undermine the Financial Viability to UK SME’s (Small and Medium sized Enterprises)
Can potentially cause a Financial Loss to the Public Sector of up to £10,000.00
Likely to cause a Moderate Financial Loss to any party - for example under £1,000.00 for an Individual or Sole Trader or under £10,000.00 for a Larger Business

Business Impact Level 3 (BIL3) - Criteria for assessing RESTRICTED assets:

Affect Diplomatic relations adversely
Cause substantial distress to individuals
Make it more difficult to maintain the operational effectiveness or security of United Kingdom or Allied forces
Cause financial loss or loss of earning potential or to facilitate improper gain or advantage for individuals or Companies
Prejudice the investigation or facilitate the commission of crime
Breach proper undertaking to maintain confidence of information provided by 3rd parties
Impede the effective development or operation of government policies
To breach statutory restrictions on disclosure of information
Disadvantage government in commercial or policy negotiations with others
Undermine the proper management of the public sector and its operations
Likely to cause a risk to an Individuals Safety and Liberty
Would undermine the Financial Viability of a Minor UK based or UK owned Organisation
Can potentially cause a financial loss to HMG/Public Sector of up to £1million
Likely to cause a Significant Financial Loss to any party - for example under £10,000.00 for an Individual or Sole Trader or under £100,000.00 for a Larger Business

Business Impact Level 4 (BIL4) - Criteria for assessing CONFIDENTIAL assets:

Materially damage diplomatic relations (i.e. cause formal protest or other sanction)
Prejudice individual security or liberty
Cause damage to the operational effectiveness or security of United Kingdom or allied forces or the effectiveness of valuable security or intelligence operations
Work substantially against national finances or economic and commercial interests
Substantially to undermine the financial viability of major organisations
Impede the investigation or facilitate the commission of serious crime
Impede seriously the development or operation of major government policies
Shut down or otherwise substantially disrupt significant national operations
Likely to cause a risk to a Group of Individuals Safety and Liberty
Would undermine the Financial Viability of a Major UK based or UK owned Organisation
Can potentially cause a financial loss to HMG/Public Sector of up to £10million
Likely to cause a Significant Financial Loss to any party - for example under £100,000.00 for an Individual or Sole Trader or under £1million for a Larger Business

Business Impact Level 5 (BIL5) - Criteria for assessing SECRET assets:

Raise international tension
To damage seriously relations with friendly governments
Threaten life directly, or seriously prejudice public order, or individual security or liberty
Cause serious damage to the operational effectiveness or security of United Kingdom or allied forces or the continuing effectiveness of highly valuable security or intelligence operations
Cause substantial material damage to national finances or economic and commercial interests

Business Impact Level 6 (BIL6) - Criteria for assessing TOP SECRET assets:

Threaten directly the internal stability of the United Kingdom or friendly countries
Lead directly to widespread loss of life
Cause exceptionally grave damage to the effectiveness or security of United Kingdom or allied forces or to the continuing effectiveness of extremely valuable security or intelligence operations
Cause exceptionally grave damage to relations with friendly governments
Cause severe long-term damage to the United Kingdom economy
Print Print | Sitemap
Contact Marcus Edwards Tel: 07889 871106 Marcus@ServerFortress.co.uk