Iron Mountain Achieves SysTrust Certification from Ernst & Young

Iron Mountain is committed to protecting and storing our customers' information as if it were our own. To that end, we are pleased to announce that Iron Mountain has achieved SysTrust certification—an audit of our IT systems by an outside, independent auditor to ensure we have appropriate internal controls in place for security, availability, processing integrity and confidentiality of our IT infrastructure environment.

SysTrust certification is a rigorous process developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) to provide independent assurances that an organization's systems are reliable and operate without material errors, faults or failures. Our SysTrust certification focuses on four essential principles: (1) security, (2) availability, (3) processing integrity and (4) confidentiality. Each principle is supported by well-defined and detailed criteria that encompass an organization's infrastructure, software, people, procedures and data.

Iron Mountain engaged Ernst & Young (E&Y) to perform the SysTrust audit, which was certified on March 9, 2009. This certification process encompasses Iron Mountain's general IT infrastructure, including: our data center operations, server configuration and database administration, storage management systems and disaster recovery processes; as well as our network operations, system monitoring tools and processes, system security (both logical and physical), change management and common support processes. Iron Mountain intends to renew this certification annually.