Data Center Security & Compliance

Secure & compliant data centers to meet your industry and business standards anywhere across the globe.
Data Center Security and Compliance

Data Center Security & Compliance

Secure & compliant data centers to meet your industry and business standards anywhere across the globe.
  1. Data Centers
  2. Security & Compliance

A Secure Data Center Partner

Security and compliance are part of Iron Mountain’s DNA. Our data centers are no different. We operate the most secure, efficient and compliant data center facilities in the industry.

Get In Touch

Secure, Sustainable & Scalable

Iron Mountain is committed to data center solutions that are socially and environmentally responsible. Companies choose Iron Mountain for our ability to help them achieve their own sustainability goals. As the provider of energy for client off site IT equipment, Iron Mountain is a key provider to our customers total renewable energy purchases.

We were the first colocation signatory to The Climate Pledge and the only provider in the world committed to meeting every kilowatt hour of usage with local carbon free energy, every hour of each day, everywhere.

Each newly constructed colocation site will achieve BREEAM green building certification and we're investing in our existing fleet of facilities to maximize energy efficiency and water conservation.

Customers in Iron Mountain Data Centers recognize the power their IT equipment consumes at Iron Mountain as their own energy footprint, and recognize it as 100% renewable using Iron Mountain's Green Power Pass product in alignment with GHG reporting protocols. We purchase impactful renewable energy at scale and provide it to clients as they need it, from a single rack to an entire data hall.


Iron Mountain Data Center Offers:

  • SOC 2 (Service Organization Controls)

  • ISO 9001 (Quality Management)

  • ISO 27001 (information security)

  • PCI-DSS (AoC)

  • ISO 50001 (energy management)

  • ISO 14001 (environmental management)

In North America, we offer NIST SP 800-53, FISMA HIGH, FedRAMP and HIPAA compliance. In Asia, we offer ABS OSPAR. We also offer ISO 45001 at Phoenix and London

- Watch Senior Manager, Global Risk & Compliance, Jim Henry, as he explains what sets our data center compliance program apart.

The Value of our
Unique Compliance Program
Iron Mountain Data Centers
5 Things to ask your
data center about compliance

Optimal Efficiency

Efficiency drives down overheads, delivering economic as well as environmental benefits. Iron Mountain offers 99.999% uptime and a full range of third-party data center standards. However, we see data center compliance as a by-product of a culture of continuous improvement, and this drives ever more efficient design and operation.

Learn more

Data Center Security as Standard

Security is what we are famous for at Iron Mountain, and the data we care for inside of our data centers is more valuable than ever.

Our business was founded on protecting our customers’ most valuable assets. We are the trusted guardian for more than 230,000 customers including 95% of the Fortune 1000. The world’s most heavily regulated organizations have trusted us for decades.

We have built some of the world’s most secure data centers, both aboveground and underground. Government organizations to whom data center security is paramount look to us to guard their precious data with a multi-layered and constantly evolving physical and logical approach.

Our standardized processes and culture of continuous improvement ensure maximum security and year-on year enhancements, endorsed by internationally-recognized third party certifications. Worldwide.

World-Leading Data Center Compliance

Iron Mountain has the most comprehensive compliance program in the colocation industry. We go above and beyond to ensure the highest national and regional data center security standards possible, with continuous improvement in design, operation, security, and efficiency.

We are the only colocation provider to have global data center certification for information security (ISO 27001), energy management (ISO 50001), environmental management (ISO 14001), and quality management (ISO 9001).

We have a coordinated approach to global compliance, and all customers receive set levels of compliance across our portfolio, with additional region-specific certifications as needed.

Compliant Data Center


AMS-IX Standard

AMS-IX has an ongoing program intended to ensure that technical infrastructure, operational documentation and processes are in place to secure continuity of AMS-IX services. Capitoline/AMS‐IX audit standards are utilized and based on the relevant requirements of many existing standards (including EN50600 and ISO 27000) and years of best practice data centre operational management.


The ANSI/TIA-942 Standard covers the telecommunications infrastructure and all other aspects of a mission-critical data center, such as the site location, architectural and physical structure of the building, electrical and mechanical infrastructure, fire safety and physical security. TIA-942 covers all types of data centers including enterprise and commercial data centers of any kind (SaaS , Cloud, Co-location, Wholesale etc.). The specification references private and public domain data center requirements for data center infrastructure elements such as: network architecture, electrical design, mechanical systems, fire safety, physical security, efficiency and system redundancy for electrical, mechanical and telecommunication.

BCA Green Mark Platinum

The Green Mark certification is a green building rating system designed to evaluate a building’s environmental impact and performance. It provides a comprehensive framework for assessing the overall environmental performance of new and existing buildings to promote sustainable design,and best practices in construction and operations in buildings.


The BREEAM New construction standards provide a framework to deliver high performing, and sustainable, newly built assets that support commercial success, whilst also creating positive environmental and social impact. Each standard uses a common framework that is adaptable to the asset’s location, allowing for international consistency and comparability.

EPA Energy Star

ENERGY STAR certified buildings save energy, save money, and help protect the environment by generating fewer greenhouse gas emissions than typical buildings. To be certified as ENERGY STAR, a building must meet strict energy performance standards set by EPA.


FedRAMP High impact level is the standard for security required by the federal government to protect sensitive, unclassified data in cloud computing environments.


FISMA (Federal Information Security Management Act) compliance is data security guidance set by FISMA and the National Institute of Standards and Technology (NIST).

Green Lease Leaders

Green Lease Leaders is a national recognition program honoring landlords, tenants, and partnering real estate practitioners from a variety of sectors that incorporate green leasing to drive high-performance and healthy buildings.


The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to safeguard Protected Health Information (PHI) and electronic PHI (e-PHI). Iron Mountain data centers are HIPAA compliant and independently audited annually to ensure maximum security and minimum risk.


IMDC aligns with HITRUST through its SOC 2 Report. HITRUST derives from a standard report that provides a consistent representation of risk exposure, compliance posture and corrective actions that allow for benchmarking of results against security practices at similar organizations in the industry.

ISO 14001

ISO 14001 is the international standard that prescribes strict controls for environmental management that push organizations to minimize how their operations negatively impact the environment and continually improve the way in which they operate, from an environmental perspective.

ISO 22301

The ISO 22301 business continuity standard has been designed to assist companies in the implementation of a business continuity management system (BCMS) that is appropriate to its needs and meets its leaderships’ and customers' requirements.

ISO 27001

ISO 27001 is a globally recognized security standard that ensures the establishment of an Information Security Management System (ISMS) within an organization to oversee the effective implementation of a comprehensive set of security controls and best practices. This certification establishes common Information Security Management Systems (ISMS) controls and procedures for Iron Mountain InSight® running in a secure cloud hosted environment

ISO 45001

ISO 45001 is the world’s first International Standard dealing with health and safety at work. This standard for management systems offers a single, clear framework for all organizations wishing to improve their OH&S performance. The goal of ISO 45001 is the reduction of occupational injuries and diseases, including promoting and protecting physical and mental health.

ISO 50001

ISO 50001 is a globally recognized energy performance standard that ensures the establishment of an Energy Management System (EnMS) within an organization to oversee implementation of a comprehensive set of energy management controls and best practices. All Iron Mountain colocation facilities are ISO 50001 certified to maximize energy efficiency at each facility across our portfolio.

ISO 9001

ISO 9001 is a globally recognized quality management standard that ensures the establishment of a Quality Management System (QMS) within an organization to oversee the effective implementation of a comprehensive set of quality controls and best practices. Iron Mountain has achieved certification with ISO 9001 to demonstrate our commitment to measure and continually improve service delivery and customer satisfaction.

NIST SP 800-53

NIST SP 800-53 Compliance ensures a high quality, secure, and reliable data center product to the regulated markets sector, which includes the U.S. federal government, U.S. financial and banking sector, and subcontractors of both. Iron Mountain utilizes the NIST SP 800-53 report to meet strict physical and environmental controls which align with FISMA HIGH and FedRAMP requirements, holding us to the highest standards possible.


Outsourced Service Provider Audit Report (OSPAR) is a report that complies with The Association of Banks in Singapore’s (ABS)1 guidelines. It provides credibility to the outsourced service provider and reassures financial institutions that the OSPAR certified organization maintains an equivalent level of governance, rigor and processes as Financial Services are required to adhere to in Singapore.


The Payment Card Industry Security Standard (PCI DSS) is a set of security standards that applies to all providers that store, process or transmit cardholder data (CHD). Iron Mountain Data Centers obtains an independent Attestation of Compliance for all controls that apply to the colocation services at all facilities on an annual basis.

SOC 2 Compliance

Iron Mountain Data Centers demonstrates compliance with the AICPA’s Trust Services Principles of Security and Availability with an annual independent SOC 2 Type II audit across all facilities.

SOC 3 Compliance

The Service Organization Control (SOC) 3 Report is an audit performed by an outside, independent auditor to ensure appropriate internal controls for the IT infrastructure environment are in place. A SOC 3 report outlines IMDC’s compliance and is available publicly.

Resources: Make Your Data Center Initiative More Effective

Premium Content Whitepapers 10 Steps to Migration Success

10 Steps to Migration Success

View More

Premium Content Whitepapers 10 Reasons to Change Your Data Center Provider

10 Reasons to Change Your Data Center Provider

View More

Premium Content Videos Green Power Pass

Green Power Pass

View More

Premium Content Whitepapers Data Center Frontier Special Report: Green Data Centers and the Sustainability Imperative

Data Center Frontier Special Report: Green Data Centers and the Sustainability Imperative

View More

Contact Iron Mountain

Our Customer Support section can help provide you with the quickest answers to your questions, or feel free to contact us at your convenience

Contact Iron Mountain Data Centers Today

Contact Iron Mountain

Our Customer Support section can help provide you with the quickest answers to your questions, or feel free to contact us at your convenience