Announcement: Iron Mountain InSight® Achieves ISO 27001 Certification
Independent evaluation demonstrates Iron Mountain’s commitment to compliance and security for SaaS Artificial Intelligence (AI) and Machine Learning (ML) offerings to keep our customer information assets secure.
Iron Mountain InSight has achieved the ISO/IEC 27001:2013 certification, the international standard for information security management systems (ISMS). Established by the International Organization for Standardization (ISO), the ISO 27001 certification requires the assessment of an organization’s information security management controls. Coalfire ISO, Inc., a third party assessment organization (3PAO) accredited through the ANSI-ASQ National Accreditation Board (ANAB), independently inspected the management system in place for InSight against 114 controls. Compliance with this standard demonstrates Iron Mountain’s commitment to monitoring adherence to best practices through repeatable processes including data transmission, storage, access controls, logging, operations, cryptography, management of third parties, incident management and tracking of threats.
This step for Iron Mountain InSight establishes common ISMS controls and procedures for running in a secure cloud hosted environment. This is a shared compliance framework with Google Cloud Platform (GCP) and Iron Mountain global security standards. The ISMS developed applies to the people, processes and IT systems encompassing the global infrastructure supported by Iron Mountain InSight running ML/AI capabilities on the GCP framework.
Iron Mountain InSight’s ISO 27001 certification allows us to work with customers to meet their needs and expectations for security controls and information handling. The ISO 27001 certification establishes a leadership commitment to the ISMS by ensuring proper organizational awareness, communications, staffing and objectives for the InSight program. Going a step further, the certification provides a set of policies, which align with our customer security commitments to comply with relevant laws and regulations.