Page Section Navigation
Go to: Header
Go to: Utility Navigation
Go to: Primary Navigation
Go to: Content
Go to: Footer
Page Section Navigation
Go to: Header
Go to: Utility Navigation
Go to: Primary Navigation
Go to: Content
Go to: Footer
Accessing and Protecting Information
Security
We believe that every individual – every company – has the right to information protection, security and privacy, and we continually invest in best-in-class security and technology solutions.
About Us
Management Team
History
Historical Milestones
Company News
News Categories
Press Releases
Iron Mountain in the News
Corporate Responsibility
Ethics & Governance
Information Responsibility
Security
Compliance
Employee Advocacy
Community Engagement
Environmental Sustainability
Events
Partners
Customer Reference Program
Media Kit
Iron Mountain Tours
Awards and Honors
Industry Associations
Certifications and Standards
Certifications
Industry Leadership
Standards
Careers
Quick Job Search
Working for Iron Mountain
Jobs in Technology
Infrastructure
Enterprise Applications
Software Development
Iron Mountain India
Contact Us
For Investors

Our compliance practices are certified by the experts

Safeguarding our customers’ information is our top priority. We not only abide by the strictest of industry standards, we help set them.

Leadership in the Industry

Our commitment to the protection of our customers’ information has been recognized by our peers in the industry.

  • PCI Security Standards Council – We serve on the council and help shape the future development of PCI standards for safeguarding credit card data for thousands of customers across a variety of industries – insight that is critical to the adoption of the PCI standard by other service provider companies.
  • National Association for Information Destruction (NAID) – We have taken a leadership role with NAID, helping in the development of standards that focus on operational workflows and security.
  • PRISM International (Professional Records & Information Services Management) – We are also founding members of PRISM International, a non-profit organization comprised of service providers like Iron Mountain who supply their customers with physical and digital information protection, access, retention, storage and disposal.

Compliance with Industry Standards

Some of the compliance requirements and industry standards we adhere to are:

  • HIPAA Compliance – Iron Mountain has long provided our customers with Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule compliant services in our capacity as a valued Business Associate to numerous HIPAA Covered Entities.
  • Sarbanes-Oxley – As a public company Iron Mountain is required by law to be in compliance with Sarbanes-Oxley, and all of our systems, security procedures and operations are compliant.
  • NAID AAA Certification – Iron Mountain’s Secure Shredding service is AAA certified by the National Association for Information Destruction (NAID). Iron Mountain is the largest secure shredding vendor to achieve NAID certification.
  • Payment Card Industry (PCI) Data Security Standard Compliance – Our records management, data protection and shredding businesses are all PCI compliant for 2011. Iron Mountain is proud to be recognized on the list of "compliant service providers" published by Visa and is defined as a Level 1 service provider.
  • SysTrust Certification – Rigorous audits of our policies, systems and technologies are undertaken by Ernst & Young to earn Iron Mountain’s SysTrust certification.
  • Massachusetts Privacy Law (201 CMR 1700) – Iron Mountain has developed, implemented, and maintains a comprehensive information security program that is reasonably designed to be in compliance with the provisions of Massachusetts 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth.
  • The European Union Data Protection Act – As of August, 2011, Iron Mountain re-certified its compliance with the European Union/USA Safe Harbor Framework, and with the Swiss/USA Safe Harbor Framework.
  • Canada – Personal Information Protection and Electronic Documents Act (PIPEDA) – Iron Mountain Canada Corporation has implemented practices designed to comply with the requirements of PIPEDA.
  • U.S.  Fair and Accurate Credit Transactions Act (FACTA) Disposal Rule – Iron Mountain has implemented and maintains a program to assist customers that are required to comply with the FACTA Disposal Rule. Except for those records that a customer specifically identifies in writing as not containing consumer information (as defined in 16 CFR Section 682.1 or personal data, reasonable measures are used to protect against unauthorized access to or use of consumer information. Iron Mountain has implemented and monitors compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed. Additionally, Iron Mountain has implemented and monitors compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.
  • U.S. State Privacy Legislation – Legislation has been enacted in at least 46 states as well as the District of Columbia, Puerto Rico, and the U.S. Virgin Islands requiring or further refining the requirement that companies and/or state agencies disclose to consumers a security breach involving their personal information. In order to assist customers with complying with these state laws, Iron Mountain maintains a list of current state legislation regarding breaches of data security and reporting requirements, and has established a process to report personal data privacy and security breaches.


  • Our Taking CARE Commitment
Email This PagePrinter FriendlyShare This
Taking Care - Iron Mountain's Sustainability Statement
Awards and Recognition

In 2011, Iron Mountain is again ranked as one of the nation's most secure companies by Security Magazine

InformationWeek ranks Iron Mountain in top 50 of nation’s most innovative users of technology

Security Magazine ranks Iron Mountain as one of the nation's most secure companies in 2009