A step ahead what sets our data center compliance program apart (part 1)

Blogs and Articles

When it comes to compliance, Iron Mountain Data Centers (IMDC) is forging new paths. Jim Henry, Manager of Global Compliance, shares why IMDC is a leader in the industry.

July 13, 20227 mins

When it comes to compliance, Iron Mountain Data Centers (IMDC) is forging new paths. Jim Henry, Manager of Global Compliance, shares why IMDC is a leader in the industry.

When selecting a data center partner, there are many critical things to evaluate. Security, availability, sustainability, and location are key considerations, but compliance typically intertwines with all these aspects. That said, verifying certifications and reports is at the forefront of determining the overall risk of your colocation partner.To secure your mission critical infrastructure, you’ll need a colocation partner with a wide-ranging, comprehensive compliance program that aims to constantly improve.So, what sets a compliance program apart? Ideally, one of the best ways to evaluate compliance is to review a data center’s certifications and third-party reports, in addition to asking questions about the future of the program.

Why Are Information Security Audits So Important?

A colocation provider mitigates risk through employing physical and environmental controls from an operational and security standpoint. These controls usually derive from popular risk management and information security standards such as ISO 27001, COBIT, or NIST.

Ensuring proper redundancy, maintenance, and operation of critical infrastructure, along with upkeep and continual improvement of an information security program, are large components of a comprehensive compliance program. However, these controls are only meaningful externally when validated by an objective, independent, third party audit firm.

In addition to controls being in place, proper leadership buy-in is critical in a well-operated Compliance and Risk program. To attain the certifications and reports that demonstrate enterprise risk management, areas such as management participation, awareness, and constant evolution are what separates an efficient program from one that is not well established or mature. That, in turn, benefits customers by giving reassurance that all levels of the organization are involved with availability and security of information assets.

What Certifications Are Needed?

Your colocation provider should have industry standard compliance practices in place at a minimum, starting with a SOC 2 report and ISO27001 implemented.

These two demonstrations of compliance can provide the customer and even their customers the message that a proper Information Security Management System is in place, and that technical audits occur regularly. Depending on your industry, you may also require regulatory frameworks outside of SOC and ISO. Choosing a colocation partner with a comprehensive compliance program ensures you have the certifications your industry requires.


To find out more about Our Data Center Compliance Program go to A Step Ahead What Sets Our Data Center Compliance Program Apart (Part 2).