Data Center Security & Compliance

Green Lease Leaders is a national recognition program honoring landlords, tenants, and partnering real estate practitioners from a variety of sectors that incorporate green leasing to drive high-performance and healthy buildings.

The Service Organization Control (SOC) 3 Report is an audit performed by an outside, independent auditor to ensure appropriate internal controls for the IT infrastructure environment are in place. Iron Mountain Data Centers demonstrates compliance with the AICPA’s Trust Services Principles of Security and Availability with an annual independent SOC 2 Type II audit across all facilities. A SOC 3 report outlines IMDC’s compliance and is available publicly.

The Payment Card Industry Security Standard (PCI DSS) is a set of security standards that applies to all providers that store, process or transmit cardholder data (CHD). Iron Mountain Data Centers obtains an independent Attestation of Compliance for all controls that apply to the colocation services at all facilities on an annual basis.

ISO 27001 is a globally recognized security standard that ensures the establishment of an Information Security Management System (ISMS) within an organization to oversee the effective implementation of a comprehensive set of security controls and best practices. This certification establishes common Information Security Management Systems (ISMS) controls and procedures for Iron Mountain InSight® running in a secure cloud hosted environment

ISO 50001 is a globally recognized energy performance standard that ensures the establishment of an Energy Management System (EnMS) within an organization to oversee implementation of a comprehensive set of energy management controls and best practices. All Iron Mountain colocation facilities are ISO 50001 certified to maximize energy efficiency at each facility across our portfolio.

ISO 14001 is the international standard that prescribes strict controls for environmental management that push organizations to minimize how their operations negatively impact the environment and continually improve the way in which they operate, from an environmental perspective.

IMDC aligns with HITRUST through its SOC 2 Report. HITRUST derives from a standard report that provides a consistent representation of risk exposure, compliance posture and corrective actions that allow for benchmarking of results against security practices at similar organizations in the industry.

The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to safeguard Protected Health Information (PHI) and electronic PHI (e-PHI). Iron Mountain data centers are HIPAA compliant and independently audited annually to ensure maximum security and minimum risk.

FISMA (Federal Information Security Management Act) compliance is data security guidance set by FISMA and the National Institute of Standards and Technology (NIST).

FedRAMP High impact level is the standard for security required by the federal government to protect sensitive, unclassified data in cloud computing environments.

NIST SP 800-53 Compliance ensures a high quality, secure, and reliable data center product to the regulated markets sector, which includes the U.S. federal government, U.S. financial and banking sector, and subcontractors of both. Iron Mountain utilizes the NIST SP 800-53 report to meet strict physical and environmental controls which align with FISMA HIGH and FedRAMP requirements, holding us to the highest standards possible.

ISO 45001 is the world’s first International Standard dealing with health and safety at work. This standard for management systems offers a single, clear framework for all organizations wishing to improve their OH&S performance. The goal of ISO 45001 is the reduction of occupational injuries and diseases, including promoting and protecting physical and mental health.

The ANSI/TIA-942 Standard covers the telecommunications infrastructure and all other aspects of a mission-critical data center, such as the site location, architectural and physical structure of the building, electrical and mechanical infrastructure, fire safety and physical security. TIA-942 covers all types of data centers including enterprise and commercial data centers of any kind (SaaS , Cloud, Co-location, Wholesale etc.). The specification references private and public domain data center requirements for data center infrastructure elements such as: network architecture, electrical design, mechanical systems, fire safety, physical security, efficiency and system redundancy for electrical, mechanical and telecommunication.

ISO 9001 is a globally recognized quality management standard that ensures the establishment of a Quality Management System (QMS) within an organization to oversee the effective implementation of a comprehensive set of quality controls and best practices. Iron Mountain has achieved certification with ISO 9001 to demonstrate our commitment to measure and continually improve service delivery and customer satisfaction.

Outsourced Service Provider Audit Report (OSPAR) is a report that complies with The Association of Banks in Singapore’s (ABS)1 guidelines. It provides credibility to the outsourced service provider and reassures financial institutions that the OSPAR certified organization maintains an equivalent level of governance, rigor and processes as Financial Services are required to adhere to in Singapore.