Comprehensive Data centre compliance overview

Solution Guides

When it comes to compliance, choose a data centre partner that stands above the rest. Check out our comprehensive compliance overview.

20 July 20206 mins
Comprehensive Data Center Compliance Overview- People in a meeting

Comprehensive compliance

Iron Mountain has the most comprehensive compliance program in the colocation industry. Since 2016, Iron Mountain Data Centres has continued to outpace other providers in various disciplines of regulatory compliance and risk management.

In addition to certifications provided by most data centres, we go above and beyond with certifications and reports that ensure the highest federal security standards possible and reinforce our commitment to continual improvement in energy efficiency efforts.

A coordinated global approach to compliance

At Iron Mountain, we offer a coordinated global compliance approach. Our customers receive the same level of compliance across our portfolio.

All Iron Mountain Data Centres have:

  • ISO 27001
  • SSAE18 SOC 2 (Type II)/SOC 3*
  • ISO 50001
  • Green Power Pass

Regional certifications

We respect and comply with local nuances, and offer a consistent product, tailored on local requirements in each geography.

In North America, we provide NIST SP 800-53*, FISMA HIGH, FedRAMP and HIPAA (Type I). What sets us apart is not only the list of certifications and reports (PCI-DSS, ISO27001, SOC 2 (Type II), SOC 3, HIPAA Type I, NIST 800-53), but the level of compliance we attain. With our NIST 800-53 report, we employ the control sets at the highest, most enhanced level by NIST, enabling us to align with FISMA HIGH and FedRAMP Physical and Environmental (P&E) controls.

In Asia, we provide OSPAR.

In Europe, we provide 450001 (London), and ISO 9001 and ISO 14001 (Amsterdam).

Three things that set our compliance program apart

1. NIST SP 800-53 Compliance is available at all Iron Mountain Data Centres in the U.S.

Being compliant with NIST SP 800-53 controls are a key component in delivering a high quality, secure and reliable data centre product to regulated markets, including the U.S. federal government, the U.S. financial and banking market, and subcontractors of both industries. We utilize the NIST SP 800-53 report to meet strict physical and environmental controls which align with FISMA and FedRAMP high requirements, holding us to the highest standards possible.

2. Iron Mountain Is The First Colocation Provider To Add Physical And Environmental Control Mapping To The New Department Of Defense Cybersecurity Maturity Model Certification (CMMC) Through Our NIST 800-53 Report.

Like FISMA and FedRAMP, we have mapped existing physical and environmental controls from our NIST SP 800-53 report to the new Department of Defense CMMC control set. This set of newly published requirements are being constructed as the highest federal security compliance standard that the DoD and its subcontractors are required to meet.

3. Iron Mountain Data Centres Is The Only Global Colocation Data Centre Provider To Have An Enterprise-Wide ISO 50001 Certified Energy Management System.

As a colocation data centre provider, energy use is a hot topic. At Iron Mountain Data Centres, we are committed to utilizing our energy in a responsible way by being as efficient as possible. Through ISO 50001, we are held to strict standards on how we demonstrate evidence of continual improvement in our energy efficiency efforts, and how we engage all parts of the business to accelerate our program each year. We are audited annually on these efforts through an accredited third-party assessor specializing in environmental and energy management.


We don't just talk about responsible energy use, we live it.

Elevate the power of your work

Get a FREE consultation today!

Get Started