The NIH Computer Center provides a secure computing environment suitable for hosting critical applications and sensitive data. Physical and environmental controls protect the machine room itself from interruptions and unauthorized intrusions, and technical controls on all platforms provide the capability to protect applications and data from unauthorized disclosure and manipulation. The Computer Center has an uninterruptible power supply (UPS), physical access control procedures, climate control, a central backup and recovery system, a disaster recovery program, and security management and operations procedures for all platforms to ensure the confidentiality, integrity, and availability of customer applications and data.

The Computer Center’s staff members manage and monitor all host systems to ensure continued availability and effective operations. CIT’s security management program continually reviews and refines security operations.

The OS/390 (Titan), Unix (EOS), and Windows systems undergo annual SAS 70 Type II security audits. These audits validate the Titan, EOS, and Windows systems as suitable for hosting critical applications and sensitive data. The audits are conducted by independent auditors, under the direction of the HHS Office of Inspector General.

The SAS 70 Type II audit is a rigorous standard widely accepted by industry and government. A SAS 70 audit assures managers of financial and other applications that the NIH Computer Center employs highly effective security and controls.

The NIH Computer Center, as a federal government facility, abides by all federal government security policies.