Secure Media Vault Associates
About SMVAWhy SMVAServicesCertified ProtectionService LocatorVirtual Trade ShowMember Services


In the News

Potential storage clients often request that we provide a specification to present to their management team.  Others just wish to limit the bidders to those really intent on protecting their vital information assets.  So for all of you who wish to have a Service Level Agreement or Security Specification, that will protect your officers and Board of Directors, here is a very specific guideline.

OFFSITE/ONSITE MEDIA STORAGE SPECIFICATION

Due to recent Federal and State legislation, a new security emphasis is on the need for protection of computer media, backups, servers, email and other communications. Personal liability can exist for staff failing to provide computer media with the proper security and care. Whether that loss is from willful destruction, spoliation, espionage or catastrophic destruction, the loss of the digital/magnetic computer records is a serious offense and therefore proper procedures for storage of media should occur. Prescribed levels of performance are mandatory from their Media Vaulting Partners and storage vendors.

IT Managers and Security Officers in many states, in an effort to provide enhanced security far beyond that available from traditional offsite storage providers, offers the following specifications for storage in an offsite or on site facility so that the records of the citizens of this state will survive for their defined retention periods.

In order to comply with recognized security procedures that ensure media survival the storage facility shall include the following capabilities and features or offer an equivalency for each feature required to ensure the survival of the client’s media.

These stringent specifications required to limit damage to the media are due to the physical and engineering nature of the computer media itself. The requirements that the Service Provider shall provide to mitigate damage are as follows:

• Computer Media is extremely fragile. Such guidelines as the American National Standards Institute (ANSI), the European Computer Manufacturers Association (ECMA), the National Fire Protection Association (NFPA), the International Standards Organization (ISO) in a variety of computer media standards state that media is damaged at temperatures as low as 120º F. (48.9º C.) and destroyed at 125º F. (52º C.) Therefore any protective environment must maintain a temperature below 125º F to protect the integrity of the media.

- At no time should the media be exposed to a relative humidity exceeding 80%, as this will damage the media. Storage areas must be designed to eliminate any occurrence of extreme humidity. Concrete and concrete block unit vaults exceed 212º F and 80% RH within minutes of a catastrophic fire and therefore are not desirable for media vaults.

- Per National Fire Protection Association Standard for The Protection of Records (NFPA 232) Media vaults shall be designed to protect the media from temperatures above 125º F. and a relative humidity that exceeds 80%.

• Computer media is susceptible to damage from dust and special measures must be taken to assure that dust is held to an absolute minimum within the storage environment. In addition, magnetic fields rearrange or erase the data encoded on the media and therefore magnetic shielding should be designed into the storage environment to eliminate exposure to a  continuous magnetic field of 10 milligauss or above.

• Computer media is extremely fragile and should be handled in such a manner that media or the containers holding media are never dropped or abused in any manner. A drop of 1 meter will damage media according to computer media manufacturers. (ECMA)

- Special devices must be employed to alert the storage company as well as the owner of the media that the media has suffered abuse during transit or while on site. (e.g. Shockwatch or equal)

• Cycling temperatures and humidity shorten the life of the media. The storage environment shall have an environmental system capable of controlling the temperature and humidity in a precise manner. Useful life is shortened by a factor of 3 times in poorly controlled storage environments. (per ANSI)

-Continuously cycling the media in temperature ranges greater than 5º F. (+/-) within a 24 hour increment of time creates damage within the recorded data.

- Cycling the media in humidity changes of as little as 5% (+/-) throughout the day also shortens the life of the media.

- Special care must be taken while the media is in transit to limit extreme changes in the temperature and humidity levels.

Given the physical constraints of the media and the thousands of usages that occur during its lifespan, coupled with the undesirable environmental conditions presented by the actual data center environment; media should be stored offsite in a duplicate state with these very special design considerations addressed by the storage vendor or the owner of the media.

The utmost concern with any storage vendor is the security of the media while in their care and management. Recent criminal and terrorist efforts to convert the value in the media via identity theft, competitive espionage and sabotage demand that comprehensive security must be provided by those vendors providing vault storage and transit services. The loss of media creates millions of dollars in damage whether it is by spoliation or theft or the excessive costs due to failed restores and back ups. The role of the offsite storage center shall be to serve as a safe and secure repository, as defined by compliance with these specifications, for all media under contract.

The overall security of the media cannot be guaranteed unless those intending to offer a bid on the storage service satisfy the specifications provided herein. Failure to knowingly comply with the following specifications shall create a contingent liability for the vendor on any damage that occurs to the media within their care. Compliance with these specification shall eliminate any negligence or liability claims.

No commercial storage entity will be considered as having delivered a responsive bid unless the bidding entity complies with the specifications provided herein by the defined contract date of this secure media storage agreement.

It is the goal of this document to follow certain terminology defined in National Fire Protection Association fire codes and standards. Therefore items specified as “Shall” are mandatory. Items specified as “Should” are recommended as “Best Practice” but are not mandatory. Terms within this specification may be found in the NFPA Standards or the ARMA Glossary.

A bidder may offer a bid which is non-responsive in certain minor deficiencies that would occur during the pre-contract audit of the facility, provided the vendor agrees to remedy the deficiency prior to initiation of the contract for storage services. The bidder may present other equivalent methods, if accepted by the client, to satisfy the criteria and intent of the client for absolute security of the media as defined within these specifications.

Any change in service that eliminates these required features shall be cause for termination of service. In the event the “Contract Vendor” is acquired by another company during the term of this contract; and, that vendor is unable or unwilling to provide these specific levels of security and service, the client may then terminate the contract at their sole discretion without penalties or fees.  The acquiring company must then deliver the media upon notice of termination of contract within 24 hours of demand at the price schedule of a normal 24-hour delivery rate.

REQUIRED FEATURES TO BE PROVIDED BY THE RESPONSIVE BIDDERS FOR THIS CONTRACT ARE AS FOLLOWS:

1) Access Control to the entire facility shall be required to limit access to only designated staff. An audit trail that described each an every visitor within the facility at any given time is required to limit the opportunity for arson or criminal acts. The facility shall be zoned in increasing levels of risk.  The vault shall be designated as the highest security level.

2) All entrance points to the building must be under continuous video camera surveillance to record the entry and exit of all personnel. Non-staff visitors must be accompanied at all times and documented with sign in logs and wear Visitor badges.

3) Environmental control is the one of the most critical issues with regard to increasing the longevity of the media. To assure the client, that proper ANSI environmental storage requirements are being provided, the service provider shall provide reporting software and monitoring devices within the vault. These devices will have the ability to make the client aware, via electronic reporting over the Internet, that their media is in the proper environment at all times.

a) Temperature shall be 68º F. (+/- 2º) at all times and the Relative Humidity shall be 35% (+/- 5%). These ranges shall be maintained 365 days per year with reporting hardware and software to allow the client’s records staff to view the vault’s current environmental conditions. (e.g. IT Watchdog monitor, AVTECH monitor or equal.) These units provide a real time designated Web Site that displays current conditions and alarm status for the vault chamber.

b) The vault monitoring system must be capable of reporting to the responsible party or owner of the facility any alarm condition for the vault via cell phone notification and/or text message so that prompt action can be taken to remedy problems that might damage media or contribute to a loss of media.

4) Proper handling is another critical element required to ensure the integrity of the data stored on the media units.

a) Any movement of media shall occur in approved containers that protect the media and have either locks or seal tags to prove that media has not been tampered with or accessed by non-approved individuals.

b) Containers shall be padded with foam or double walled containers (e.g. Douglas or Perm-a-Stor or equal) to protect the media from dirt, water and abuse in transit.

c) Each transport containers shall be equipped with “shockwatch” or other equivalent type of display tags” that change colors to indicate a drop equivalent to one meter (3.28 feet) has occurred.  These tags will allow the client to be aware of any damage that occurred while outside the data center and to immediately recreate the damaged media to prevent a failed restore or at worst a total loss of information. Such tags encourage careful treatment of the media as they easily can prove that rough handling has occurred during a data transfer.

d) The offsite storage company is responsible to immediately report any damage or drops that have occurred while the media was in their control.

e) A continual training program shall be devised so that all staff handling media are made aware of the special care that is required to avoid damage. The vendor shall certify that each employee has undergone training.

5) Delivery vans shall be outfitted so that media is secure and cannot fall during transit. Special padding should be utilized to protect the media from excessive motion or physical shocks during transit.

a) The vehicles shall have a type of locking mechanism that ensures that the media is safe in the van during routine stops. Heavy-duty locks shall be required. The vehicle shall automatically lock when the driver leaves the vehicle.

b) Vehicles shall provide a Geographic Positioning System (GPS) that assures the courier van is not making unscheduled stops that would allow for sabotage or theft; and, that allow the courier contractor to track the vehicle at any point in its route.

c) The vehicle shall be air conditioned in such a manner that it may be environmentally controlled when the vehicle is stopped. This is often referred to as a refrigerated vehicle as the environmental control continues even when the motor is not running.

d) Courier Vans shall be required to unload and load within a secure area of the offsite storage location building to avoid opportunity for theft or hijacking of the vehicle.

e) The vehicle shall have special grounding so no electrical or static type charges can damage the media.

f) The GPS System shall also monitor the on-board temperature and report to the base operator if the vehicle air conditioning fails to cool the media transport area.

6) All media shall be stored within a Class 125 Data Rated Media Vault Chamber with magnetic shielding to protect the media from catastrophic fire or magnetic fields that can damage the media. The vault shall carry a Class 125 Underwriters Laboratories (UL) Listing and Label to attest to its ability to protect media for a period of Two Hours without exceeding 125º F. which is the temperature at which media is destroyed.

a) The vault door assembly shall be a double door assembly with combination lock on the exterior door and key lock (or card access and key lock on the inner data rated door. 

i)  The Vault Door shall be equipped with an automatic closer to seal the vault in a fire.

ii) The vault door closer shall seal the vault upon detection of smoke, heat or a loss of power or notification from the internal fire alarm panel.   

iii) The vault shall be equipped such that air conditioning flow shall cease in a fire where the power is cut to the vault or the alarm panel signals that the environmental system (Heating/Cooling Equipment) shall be turned off.  In such case the automatic louver damper shall close and seal the vault air duct.

b) The vault shall be tested for vapor tightness as part of the Clean Agent Fire Suppression System to insure the proper gas concentrations should a fire occur within the vault.  The inner door of the vault shall have gasket seals to protect from smoke entry or vapor penetration.  The vault doors shall also provide door sweeps to protect against air movement around the door. 

c) The Vault shall carry a Class 125 rating attested to by a UL 72 Listing and Label as well as a certification statement that the vault has been installed per the NFPA 232 Protection of Records Standard and has been tested per the ASTM E-119 test procedure for five-hour fire or greater test duration.

d) The vault shall be certified each year to attest to the performance of the fire suppression system through a maintenance contract with an inspector skilled in the art as well as the re-certification of the vault and its locking mechanisms.

e) The cable trays that feed electrical service to the vault shall be approved and no direct metal-to-metal conduit penetrations shall be a part of the vault, as this would void the fire rating.

f) The vault walls and ceiling shall have a vapor barrier to ensure that smoke, steam or other contaminants cannot enter the vault area in a fire.

g) The vault shall be located such that the fire department shall have ease of access to fight a fire in the area of the vault. Vaults shall not be located below grade as this makes fire fighters’ access to the vault difficult in a fire.

h) The bid provider shall provide proof of a UL 72 Listing and Label on the Vault Chamber designated for client’s media storage by providing a copy of the Label from the Testing Laboratory or the Testing Laboratory Directory Listing that reference the Class 125 Fire Test performance of two hours or greater for the chamber as well as the vault door assembly.

7) The vault shall be equipped with a clean agent fire suppression system that has a current inspection and maintenance label (often referred to as a Green Tag) which is witnessed by the local fire marshal or Code Official. The purpose of the current certification is to prove the system is operational and has sufficient agent in the system to extinguish a fire within the vault chamber.

a) The clean agent type shall be zero residue, as well as of high dielectric strength to eliminate any chance of damage to the media or computer systems stored within a vault chamber.

b) Due to the ideal vapor-tight design of the vault, the clean agent shall carry a NOAEL certification (No Observable Adverse Effects Label) to assure that occupants of the vault are not exposed to a health hazard should they be in the vault during an activation.

c) The fire alarm panel shall report to the fire station or an intermediary monitoring station that will alert the fire department.

d) The area above the vault shall also provide a sprinkler system to further protect the vault but the vault shall have a water-shield roof deck to protect the vault from water intrusion.

8) The vault should not be located below grade as specified within the NFPA 232 Protection of Records Standard within the criteria for vault location. Basement levels of a building are more likely to flood, and vaults located below grade are subject to the cooking effect of debris falling over this storage area. Fighting fires below grade are difficult to access.

a) Vaults located in seismic activity zones should also avoid below grade location due to the danger of structural collapse of the building into the area, thus limiting access to the vault in a period of time where access to the media is most likely.

9) No portion of the building structure can serve as a wall of the vault as mandated within NFPA 232.  Vaults should be located near exterior walls of the building to limit fire exposure.

10) An alarm inspection shall be conducted annually to provide proof the stored media is secure from intrusion, theft or arson via a defined access control perimeter, building alarms and CCTV Surveillance. 

a) Every building entry point shall be under camera surveillance and access control systems.

b) All employees shall be prohibited from entering the facility without access control (card key, biometric or fob) and the system shall be such that a terminated employee can be removed from the system and their card made inactive.

c) All employees issued an access control that will allow them near the vault area must be bonded with current background checks and drug testing.

d) The vault foyer shall be the second highest level of security and the vault interior shall be the highest level of access control.

e) Only designated vault custodians shall have access to the vault without an escort.

f) The digital or tape recording device for the camera shall be in a secure location and shall be capable of being viewed via a secure web location with password.

g) The alarm panel for the vault and the clean agent tank that services the vault shall reside within the vault at the highest level of security.

11) Proof should be provided that the tracking software can identify the location of the media at any point in time during the delivery and pick up sequence and this sequence is married to a GPS system that assures the courier van is not making unscheduled stops that would allow for sabotage or theft.  

            a) The software should create the delivery route and pick up sequence to

 eliminate impromptu stops that could lead to theft or illicit duplication.

b) The software and GPS combination shall have the ability to alter the

route with management oversight

12) The procedures for handling media shall be identified for normal operation as well as synced with the Disaster Recovery Plans for the client. An exact timetable for delivery in normal operation as well as the timetable for an expedited or emergency delivery as would occur in a disaster shall be described.

a) Normal delivery shall be described as scheduled rotations as well as requests made by 10:00 AM and the delivery shall be the same afternoon by 4:00 PM.  An expedited delivery shall be considered a request requiring delivery within four hours of order. An emergency delivery shall be within two hours or less.

b) These schedule represent a Service Level Agreement between client and service provider. Continuous failure to meet these service levels shall constitute breach.

13) That the facility meets the requirements of the NFPA 232 Protection of Records Standard, which is the guideline that record centers, must follow to meet code and satisfy an audit by the local fire marshal for continued safe operation.

a) Vital Records Vaults shall be at a minimum a Class 350 Four Hour Vault for the protection of paper documents.

b) Vital Records Vaults that serve the purpose of protecting computer media shall also be required to provide a Class 125 Data Rating. This requires that the vault interior not exceed a temperature of 125º F. while at the same time ensuring that the relative humidity does not exceed 80%, as this would cause spoliation of the media.  Such spoliation of vital records in media format, as described in Sarbanes Oxley, Rule 26 and the Federal Rules on Electronically Stored Information, is prohibited.

c) Protection for Federal Records is more specifically described within 36 CFR, Part 1228, Subpart K.

d) Electronic Records stored in computer equipment, servers or disk shall be protected as described within NFPA 75 Protection of Information Technology.

e) The Underwriters Laboratories Standard “UL 72 Tests for Fire Resistance of Records Protection Equipment” shall be the specific test requirement for Computer Safes and Vaults utilized to protect vital computer media.

14) Employees of the offsite media vaulting contractor that handle vital media, computer records or confidential records that are specifically required to be protected within a vault chamber must meet special requirements.  (i.e. These employees could expose the client to an Identity Theft or security breach.) Therefore these staff members must, at a minimum, comply with the following criteria:

            a) Criminal Background Check.

b) Employment history check, Drug and alcohol screening with random drug screening to occur annually. Drivers shall provide proof of a Commercial Drivers License.

c) Staff handling confidential records must sign a confidentiality and non-disclosure agreement

d) Staff shall undergo training as to the fragile nature of media and computer records so as to insure media is handled properly.

e) Staff entering offsite storage facilities may not carry cameras, cell phones with cameras, PDA's that can load data or flash drives of any kind.

15) Uninterrupted Power Systems (UPS) for emergency back up power shall be available so that computers required for software access for the tracking of media shall be available at all times. The back up power shall apply to the clean agent fire suppression, the building perimeter alarms, card access controls as well as the fire sprinkler system alarm panel.

16) Media storage shall be in slotted environments ( e.g. Gemtrac, EDP, or equal.) or within containers with slots such as Douglas, Perm-A-Stor, Datatite or other transfer cases specifically designed to protect the media while in transport or during handling within the vault. (This specification shall not apply where the client provides the transfer cases.)

17) A defined procedure for courier van breakdown shall be part of the plan. In no event shall a vehicle be taken to a service garage with active media within the vehicle.

            a) A notification procedure shall be defined should this occur.

18) A Password control shall exist to ensure that no unauthorized deliveries of media shall occur. Any request for an unscheduled delivery must follow pre-designed  procedures to avoid media and information exposure.  All movement of media shall occur under the control of the Tape Management Software to avoid loss.

a) No one may show up at the offsite facility and request media without pre-authorization as defined in a separate set of procedures to be provided by the client and the affected department.

b) All visitors to the facility shall be scheduled in advance and require special identification badges or biometric scans to server as a unique identifier.

19) An errors and exceptions report shall be provided daily to the client’s designated contact for any media that does not deliver or return as defined in the schedule so immediate action can be taken. This report would describe requested media that is not offsite or media that arrives offsite that is not scheduled in the transfer log. Any and all exceptions shall be flagged for immediate resolution. The client must likewise report and discrepancies from their required delivery requests.

a) Both parties to this contract acknowledge that errors occur in the daily or weekly transfer of tape collections from on site to offsite.

b) The loss of tapes is not inherently the fault of the vendor as the IT Department may send a container with an incorrect number of tapes. Or the number of tapes may be correct but a blank or non-specified tape shall be misplaced in the collection. Sending via locked containers may help to eliminate such discrepancies.

c) Additionally, the offsite center may send the correct tapes, yet the IT center reuses this tape thus eliminating the files stored within the media unit thus creating the appearances of a lost tape.

d) Media units requested from an open source library may fail to make a shipment yet the tape is still within the offsite vault and is still safe an secure.

e) Therefore it is only through open and honest communications by both parties to openly expose all errors immediately that tape or information assets losses can be eliminated or minimized.

f) Provided a good faith effort is delivered by the offsite media vaulting agent, no claims shall be litigated unless gross negligence occurs on the part of the vendor.

20) A primary cause of lost data and identity theft is a failure in the tracking methodologies utilized by vendors for maintaining control of the media. Tracking systems should be able to document chain of custody, any/all transfer points, provide reports on demand, be updated by validated personnel only (and indicate the individual collecting or inputting the data.  In addition, the tracking system shall provide for time stamping all entries, collect seat locations, accommodate both a client and service provider identifier, be able to convert data to CSV or other non-proprietary format (for uploading into Excel or other systems for use by the client for special internal auditing), utilize both numeric and alpha data, allow for remote data transmission from a dock to a base unit. 

21) No smoking may occur anywhere within the confines of the facility as well as on the property where media is stored.

22) The vault facility shall have a dust filtration system to minimize dust within the media vault chamber. HEPA filters shall be used to provide this filtration and these filters shall be changed on a regular basis to preserve air quality.

a) If a mantrap is not provided, then walk off mats shall be used to eliminate tracking dust into the vault interior, which may damage the media over time.

b) Air circulation shall be no less than three times per hour to eliminate mold, mildew and bacteria in the media vault chamber. Special desiccant dehumidifiers are desired to minimize excess moisture in the vault chamber. (35% is the desired level)

c) No carpet can be in the vault area and preferably an anti-static floor and flame retardant surface should be provided. Sealed concrete is preferred.

d) Light fixtures within the vault chamber shall be dust and vapor resistant with arc breakers to guard against power surge.

23) Site Considerations that could pose a potential danger to the media vault should be evaluated for risk. Please describe in detail if any of the following apply:           

a) Is the site within the 100-year flood plain?

b) If the site resides within a Zone 2 or higher Seismic Area, then the vault should be designed to eliminate losses due to earthquake. Has the vault engineering design addressed this issue?

c) What is the proximity to fire department and police department should an emergency response occur? What is the fire department response time for the site?

d) The fire marshal shall visit the site on a bi-annual basis, to inspect for problems. (Sprinkler pumps, fire suppression and security system should be under annual maintenance contracts.) Please provide a current copy of this report.

24) Fire compartmentation is crucial to fire safety. Fire Compartmentation is described as the use of firewalls and fire-rated doors to prevent the spread of fire throughout the facility.  With regard to vaults, due to the high-value assets protected within, vaults shall not exceed 25,000 cubic feet of storage volume.  If additional volume is required, additional vault shall be utilized.  Buildings housing media vaults shall be designed with four-hour fire walls (as defined in fire code NFPA 232 Standard “Protection of Records”) that will stop or slow the spread of fire. Areas larger than 25,000 cubic feet are not considered by definition to be vault chambers.

25) No offices or personnel shall reside within the storage area demised by firewalls for the vault chamber.  These walls are to be 4-hour fire resistive walls capable of preventing the spread of fire or heat through the vault walls such that the records protected within the vault will be destroyed or damaged by the heat or fire exposure. In addition, fire barrier walls separating records storage compartments from the office area shall be a minimum of 2-Hour fire-resistive construction in accordance with NFPA 221.

a) The cleanliness of the mantrap area or staging area leading into the

 vault chamber shall be equivalent to the vault wherein HEPA filters are

required to maintain a dust level below 3 microns per cubic centimeter.

b) Walk-off mats (Stickie Mats) shall be utilized to remove dirt, mold and other contaminants from the footwear of staff entering the vault.

c) Per NFPA 75, vital media shall not be stored within the same area as the computer equipment due to the fire risk, heat and magnetic fields created by computers, servers and other processing equipment, unless divided by a firewall.

26) A licensed fire protection engineer shall be required to perform an annual inspection on the facility and provide a report to the client.

27) The service provider shall prepare a contact list of management personnel that can be contacted at any point in the day, week or year of the contract.  This list shall include office, home and cell phone numbers for each staff member.

28) The service provider shall likewise keep an active list of the client’s management personnel with emergency contact numbers in the event of an emergency or loss of data.

a) Lost or stolen data media shall be reported immediately to facilitate recovery. Loss shall be made known o the appropriate designated management personnel at the client’s site.

b) Any and all discrepancies shall be deemed serious and must be reported. 

29) The offsite service provider shall behave as an extension of the client with prudent behavior in all regards to comply with the intent of Sarbanes Oxley in assuring the protection of computer records for the client.

30) Loss, damage and spoliation are to be avoided and this requires complicit security at all phases of the lifecycle of the media. It is the intent of these specifications to enlist the support of the vendor in ensuring the media is always under control, protected from risk and available for restorations or discovery requests.

End of Specification