Iron Mountain Achieves Service Organization Control (SOC) Certification from Ernst & Young
Download the Service Organization Control (SOC) 3 Report
Iron Mountain is committed to protecting and storing our customers' information as if it were our own. To that end, we are pleased to announce
that Iron Mountain has continued to achieve SOC certification, formerly SysTrust®, an audit of our IT systems by an outside, independent
auditor to ensure we have
appropriate internal controls in place for security, confidentiality, and availability of our IT infrastructure environment.
SOC certification is a rigorous process developed by the American Institute of Certified Public Accountants (AICPA) to
provide independent assurances that an organization's systems are reliable and operate without
material errors, faults or failures. Our SOC certification is based on three Trust Services Principles: (1) Security, (2) Confidentiality and
(3) Availability. Each principle is supported by well-defined and detailed criteria that encompass an organization's
infrastructure, software, people, procedures and data. Iron Mountain maintains a SOC2 report, as well as the public facing SOC3 report,
link to download above.
Iron Mountain continued to engage Ernst & Young (E&Y) to perform the SOC Compliance Audit.
We have maintained this certification for a number of years, and our most recent certification was issued on February 24, 2017,
and covers the period January 1, 2016 to December 31, 2016.
This certification process encompasses Iron Mountain's general IT infrastructure, including: our data center operations, server
configuration and database administration, storage management systems and disaster recovery processes; as well as our network
operations, system monitoring tools and processes, system security (both logical and physical), change management and common
support processes. Iron Mountain intends to renew this certification annually.
Iron Mountain’s Secure Shredding service is AAA certified by the
National Association for Information Destruction.
Iron Mountain is proud to have taken a leadership role in the development of NAID’s standards, which focus on
operational workflows and security. We are the largest shredding vendor to achieve NAID certification.