Data Center Security & Compliance

AMS-IX has an ongoing program intended to ensure that technical infrastructure, operational documentation and processes are in place to secure continuity of AMS-IX services. Capitoline/AMS‐IX audit standards are utilized and based on the relevant requirements of many existing standards (including EN50600 and ISO 27000) and years of best practice data centre operational management.

The ANSI/TIA-942 Standard covers the telecommunications infrastructure and all other aspects of a mission-critical data center, such as the site location, architectural and physical structure of the building, electrical and mechanical infrastructure, fire safety and physical security. TIA-942 covers all types of data centers including enterprise and commercial data centers of any kind (SaaS , Cloud, Co-location, Wholesale etc.). The specification references private and public domain data center requirements for data center infrastructure elements such as: network architecture, electrical design, mechanical systems, fire safety, physical security, efficiency and system redundancy for electrical, mechanical and telecommunication.

The Green Mark certification is a green building rating system designed to evaluate a building’s environmental impact and performance. It provides a comprehensive framework for assessing the overall environmental performance of new and existing buildings to promote sustainable design,and best practices in construction and operations in buildings.

The BREEAM New construction standards provide a framework to deliver high performing, and sustainable, newly built assets that support commercial success, whilst also creating positive environmental and social impact. Each standard uses a common framework that is adaptable to the asset’s location, allowing for international consistency and comparability.

ENERGY STAR certified buildings save energy, save money, and help protect the environment by generating fewer greenhouse gas emissions than typical buildings. To be certified as ENERGY STAR, a building must meet strict energy performance standards set by EPA.

FedRAMP High impact level is the standard for security required by the federal government to protect sensitive, unclassified data in cloud computing environments.

FISMA (Federal Information Security Management Act) compliance is data security guidance set by FISMA and the National Institute of Standards and Technology (NIST).

Green Lease Leaders is a national recognition program honoring landlords, tenants, and partnering real estate practitioners from a variety of sectors that incorporate green leasing to drive high-performance and healthy buildings.

The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to safeguard Protected Health Information (PHI) and electronic PHI (e-PHI). Iron Mountain data centers are HIPAA compliant and independently audited annually to ensure maximum security and minimum risk.

IMDC aligns with HITRUST through its SOC 2 Report. HITRUST derives from a standard report that provides a consistent representation of risk exposure, compliance posture and corrective actions that allow for benchmarking of results against security practices at similar organizations in the industry.

ISO 14001 is the international standard that prescribes strict controls for environmental management that push organizations to minimize how their operations negatively impact the environment and continually improve the way in which they operate, from an environmental perspective.

The ISO 22301 business continuity standard has been designed to assist companies in the implementation of a business continuity management system (BCMS) that is appropriate to its needs and meets its leaderships’ and customers' requirements.

ISO 27001 is a globally recognized security standard that ensures the establishment of an Information Security Management System (ISMS) within an organization to oversee the effective implementation of a comprehensive set of security controls and best practices. This certification establishes common Information Security Management Systems (ISMS) controls and procedures for Iron Mountain InSight® running in a secure cloud hosted environment

ISO 45001 is the world’s first International Standard dealing with health and safety at work. This standard for management systems offers a single, clear framework for all organizations wishing to improve their OH&S performance. The goal of ISO 45001 is the reduction of occupational injuries and diseases, including promoting and protecting physical and mental health.

ISO 50001 is a globally recognized energy performance standard that ensures the establishment of an Energy Management System (EnMS) within an organization to oversee implementation of a comprehensive set of energy management controls and best practices. All Iron Mountain colocation facilities are ISO 50001 certified to maximize energy efficiency at each facility across our portfolio.

ISO 9001 is a globally recognized quality management standard that ensures the establishment of a Quality Management System (QMS) within an organization to oversee the effective implementation of a comprehensive set of quality controls and best practices. Iron Mountain has achieved certification with ISO 9001 to demonstrate our commitment to measure and continually improve service delivery and customer satisfaction.

NIST SP 800-53 Compliance ensures a high quality, secure, and reliable data center product to the regulated markets sector, which includes the U.S. federal government, U.S. financial and banking sector, and subcontractors of both. Iron Mountain utilizes the NIST SP 800-53 report to meet strict physical and environmental controls which align with FISMA HIGH and FedRAMP requirements, holding us to the highest standards possible.

Outsourced Service Provider Audit Report (OSPAR) is a report that complies with The Association of Banks in Singapore’s (ABS)1 guidelines. It provides credibility to the outsourced service provider and reassures financial institutions that the OSPAR certified organization maintains an equivalent level of governance, rigor and processes as Financial Services are required to adhere to in Singapore.

The Payment Card Industry Security Standard (PCI DSS) is a set of security standards that applies to all providers that store, process or transmit cardholder data (CHD). Iron Mountain Data Centers obtains an independent Attestation of Compliance for all controls that apply to the colocation services at all facilities on an annual basis.

Iron Mountain Data Centers demonstrates compliance with the AICPA’s Trust Services Principles of Security and Availability with an annual independent SOC 2 Type II audit across all facilities.

The Service Organization Control (SOC) 3 Report is an audit performed by an outside, independent auditor to ensure appropriate internal controls for the IT infrastructure environment are in place. A SOC 3 report outlines IMDC’s compliance and is available publicly.