Iron Mountain certifications and awards

About us

Certifications, awards, commitments and partnerships

Safeguarding what you value is our priority. We not only abide by the strictest industry standards—we help set them. Our industry memberships, certifications and awards keep us ahead of new developments so we can innovate for our customers.

Awards and Recognitions

Corporate Equality Index
Scored 90 on the Human Rights Campaign 2023 Corporate Equality Index
Built-in
We were named A Best Place to Work in 2024 by Built-In as one of the best 100 large companies to work for
ftse4-good-logo-png
Iron Mountain is listed on the FTSE4Good Index for meeting globally recognized corporate social responsibility standards.
fortune-logo-png
We rank 604th on the 2024 Fortune Magazine Fortune 1000 list of the largest public companies in the United States.
standard-and-poors-logo-png
We’re a member of the S&P 500 Index, the leading bellwether of the U.S. equities market.
privacy plus
We are recognized as a PRIVACY+ certified organization by i-SIGMA.
Disability equality index logo
We scored 100% on the 2024 Disability Equality Index.
Top Places to Work for Women
Recognized by Comparably as one of the Top Places to Work for Women

Commitments

Business ambition
In 2024, we resubmitted our science-based target under SBTi’s Business Ambition for 1.5°C campaign and net zero by 2040 that includes the following near-term targets
Climate group
On June 4, 2018, Iron Mountain joined the RE100 and committed to 100 percent renewable energy and to reduce greenhouse gas emissions to help meet the Paris Climate Accord.
Climate Group EV100
As part of our membership with EV100, Iron Mountain is committed to transitioning 10% of our total fleet to electric by 2025 and expected to exceed 2,000 vehicles by 2030.
better-buildings-logo
In 2016 Iron Mountain announced that our data center business unit joined the U.S. Department of Energy (DOE) Better Buildings Initiative as a Challenge Partner.
UNGC
At Iron Mountain, our operations and strategies are aligned with the ten universally accepted principles in the areas of human rights, labor, environment and anti-corruption, to take actions in support of the United Nations Global Compact goals, including the Millennium Development Goals.
GRI
Iron Mountain understands the value of transparency and public reporting on our sustainability impacts. One framework we report to is The Global Reporting Initiative to identify and reduce risks, seize new opportunities, and take action towards becoming a transparent, trusted organization in a more sustainable world.
sustainable-development-goals-logo
Iron Mountain is committed to leveraging our global scale to make a positive difference on the communities in which we work. As a signatory to the United Nations Global Compact we are committed to the Sustainable Development Goals.
CDP
In addition to the Global Reporting Initiative, Iron Mountain also discloses through CDP to catalyze urgent action towards a sustainable net-zero, deforestation-free and water-secure world.

* last updated Aug 15, 2024

Industry Memberships/Partnerships

 

  • i-SIGMA (International Secure Governance & Management Association) – we’re a founding member of this professional body for information management vendors (formerly PRISM (Professional Records & Information Services Management).
  • Shared Assessments – Iron Mountain is a long time member of the Shared Assessments program and sits on the steering committee. Shared Assessments is dedicated to developing standardization and best practices in the field of third party risk management.
  • CEBA – we are a member of the Rocky Mountain Institute’s Business Renewable Center and the Clean Energy Buyers Association (CEBA). Combined, our commitments to wind and solar power make the company one of the top 25 buyers of clean energy among the FORTUNE 1000 and a top 70 energy buyer in the Environmental Protection Agency Green Power Partnership.
 

Certifications/Audit reports

  • Service Organization Control (SOC) 3 Report, formerly SysTrust®, from the American Institute of Certified Public Accountants (AICPA) – an audit of our IT systems by an outside, independent auditor to ensure we have appropriate internal controls in place for our IT infrastructure environment. Our SOC certification is based on three Trust Services Principles: (1) Security, (2) Confidentiality, and (3) Availability. Each principle is supported by well-defined and detailed criteria that encompass an organization's infrastructure, software, people, procedures and data. Download the Service Organization Control (SOC) 3 Report here.
  • Service Organization Control (SOC) Type 2 Report from the AICPA – Iron Mountain also maintains a non-public SOC 2 Report. If needed, please work with your account representative to obtain this report.
  • NAID AAA certification from i-SIGMA
  • Privacy+ certification from i-SIGMA.
  • PCI-DSS Attestation of Compliance (AOC) based on the Payment Card Industry Data Security Standard – If needed, please work with your account representative to obtain this attestation.
  • ISO/IEC 27001:2013 Certification, which establishes common Information Security Management Systems (ISMS) controls and procedures for Iron Mountain InSight® running in a secure cloud hosted environment.
  • SOC 2 Type 2 report from the AICPA - Iron Mountain InSight® also maintains a SOC 2 Type 2 attestation running in a secure cloud hosted environment.
  • FedRAMP,Iron Mountain InSight has achieved FedRAMP Ready status on AWS Gov Cloud, as approved by the Federal Risk and Authorization Management Program (FedRAMP).
  • FedRAMP, Iron Mountain InSight has received an ATO and is listed as FedRAMP In Process on GCP (Google Cloud Platform, as approved by the Federal Risk and Authorization Management Program (FedRAMP).
  • StateRAMP, StateRAMP PMO has granted the status of StateRAMP Ready for Insight

Iron Mountain is licensed by the New Jersey Office of Consumer Affairs, license NJPM001200. The permanent place of business in NJ is 526 Route 46, Teterboro, NJ.

ALM certifications and standards

At ITRenew Inc. (Iron Mountain ALM), we're proud to be certified against globally recognized ISO standards by Intertek:

  • ISO 9001: 2015 (Quality Management System):Ensuring top-notch quality for receiving, sorting, demanufacturing, testing, resale, and data destruction of Electronic Equipment.
  • ISO 45001: 2018 (Occupational Health & Safety Management System):Prioritizing safety for our employees and partners when receiving, sorting, demanufacturing, testing, resale, and data destruction of Electronic Equipment.
  • ISO 14001: 2015 (Environmental Management System):Committing to eco-friendly practices and sustainability when receiving, sorting, demanufacturing, testing, resale, and data destruction of Electronic Equipment.
  • ISO 27001: 2013 (Information Security Management System):Safeguarding data with robust security measures related to the provision of IT Asset Disposition including Asset Disposal, Remarketing, Recycling, and Data Security Services.
  • Responsible Recycling (R2v3):The Responsible Use and Recycling (R2) standard, is intended to regulate and minimize the impact of electronics refurbishing and recycling on the environment and on the workers engaged in the e-recycling process. This standard focuses on the assurance that sensitive data will be destroyed, electronics with residual value will be reused, and their assets will not be disposed of in any landfills.

ITRenew Inc. a wholly owned subsidiary of Iron Mountain ALM currently operate R2 v3 facilities in the following facilities:

  • Olathe, Kansas, USA
  • Iron Mountain ALM are currently in the process of transferring certification from Sterling, Virginia, USA (closed facility) to our new facility in Front Royal, Virginia, USA
  • Drogheda, Louth, Ireland
  • Lulea, Norrbotten, Sweden
  • Iron Mountain ALM are also working towards certification in the Iron Mountain ALM facility based in Singapore.

At Regency Technologies, a wholly owned subsidiary of Iron Mountain ALM, all eight of our facilities hold the following certifications:

  • E-Stewards: The e-Stewards Standard for Ethical and Responsible Reuse, Recycling, and Disposition of Electronic Equipment and Information Technology Version 4.1 – e-Stewards Certification sets the highest standard for ethical and innovative retired electronic asset processing in the world. e-Stewards certified processors ethically repair and recycle retired electronic assets. The standard enforces requirements focusing on topics including but not limited to Data Security, Downstream Due Diligence, Legal Transboundary Movements, Proper Reuse & Refurbishment, Communications (Internal & External), Continuous Improvement, and Environmental Management Systems. You can learn more at https://e-stewards.org/
  • RIOS:2016 – The Recycling Industry Operating Standard: The RIOS standard is an integrated Quality, Environmental, Health and Safety Management System that is designed specifically for recyclers. Built on the well-established Plan-Do-Check-Act model, the RIOS standard takes a risk-based approach to addressing all QEHS risks and impacts within a recycling facility.
  • ISO 14001: 2015 (Environmental Management System): Committing to eco-friendly practices and sustainability when receiving, sorting, demanufacturing, testing, resale, and data destruction of Electronic Equipment.
  • NAID AAA Certification: NAID is the standards setting body for the information destruction industry. NAID AAA Certification verifies the qualifications of certified information destruction providers through a comprehensive scheduled and unannounced audit program. Iron Mountain is NAID AAA certified for hard drive shredding for the Asset Lifecycle Management business.

The above certifications all apply to the following Regency Technologies (Iron Mountain ALM) facilities:

  • Austell, Georgia
  • Brooksville, Florida
  • Chicago, Illinois
  • Durham, North Carolina
  • Grand Prairie, Texas
  • Phoenix, Arizona
  • Stow, Ohio
  • Tumwater, Washington

Teraware Data Sanitization Platform

  • NIST 800-88: Once every asset to be decommissioned has been identified, Teraware goes to work. Teraware’s agent-based architecture scales to any size job; whether it’s one drive or 100,000, Teraware erases all drives concurrently, minimizing customer data exposure risk window. NIST 800-88 is descriptive with regard to media types, chain of custody, methods of destruction, and reporting. ITRenew follows NIST 800-88 and goes a step further, exceeding all industry standards and compliance.
  • ADISA Certified Data Sanitization: The Asset Disposal & Information Security Alliance (ADISA) offers accreditation to companies that maintain the highest standards in IT asset disposal and data sanitization. Only nine companies worldwide are expected to achieve ADISA data sanitization accreditation for both HDDs and SSDs in 2020.
  • Passed ADISA Threat Matrix Level 2: Iron Mountain's proprietary sanitization platform, Teraware, is the only software to have done so for multiple types of SSDs and HDDs (incl. SATA-HDD, SAS-HDD, SATA-SSD, SAS-SSD, FC-SSD, and NVMe-SSD)
  • Only sanitization platform to pass ADISA accreditation using the latest drive technologies (NVMe) and capacities (10TB+)
  • 17 Certificates for Forensic Data Erasure of SSDs and HDDs

Contact us

paper and pen

Contact us

Fill out this form and an Iron Mountain specialist will contact you within one business day.
Get a quote
laptop profile screen

Login and bill pay

Log in to your account or learn how to create one.
Get started
customer service

Support center

Our Customer Support Center can help provide you with the quickest answers to your questions.
Get support
ringing telephone

Call sales

Connect with one of our knowledgeable representatives to address your specific solution needs.
800 - 899 - 4766