Iron Mountain Achieves SysTrust® Certification from Ernst & Young
Download the Service Organization Control (SOC) 3 Report
Iron Mountain is committed to protecting and storing our customers' information as if it were our own. To that end, we are pleased to announce that Iron Mountain has achieved SysTrust certification—an audit of our IT systems by an outside, independent auditor to ensure we have appropriate internal controls in place for security, availability and confidentiality of our IT infrastructure environment.
SysTrust certification is a rigorous process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) to provide independent assurances that an organization's systems are reliable and operate without material errors, faults or failures. Our SysTrust certification focuses on four essential principles: (1) security, (2) availability, (3) processing integrity and (4) confidentiality. Each principle is supported by well-defined and detailed criteria that encompass an organization's infrastructure, software, people, procedures and data.
Iron Mountain engaged Ernst & Young (E&Y) to perform the SOC Compliance Audit, which was certified on March 16, 2015. This certification process encompasses Iron Mountain's general IT infrastructure, including: our data center operations, server configuration and database administration, storage management systems and disaster recovery processes; as well as our network operations, system monitoring tools and processes, system security (both logical and physical), change management and common support processes. Iron Mountain intends to renew this certification annually.
Iron Mountain’s Secure Shredding service is AAA certified by the National Association for Information Destruction. Iron Mountain is proud to have taken a leadership role in the development of NAID’s standards, which focus on operational workflows and security. We are the largest shredding vendor to achieve NAID certification.