A step ahead: what sets our data center compliance program apart (part 2)

Blogs and Articles

When it comes to compliance, Iron Mountain Data Centers (IMDC) is forging new paths. Jim Henry, Manager of Global Compliance, shares why IMDC is a leader in the industry.

July 29, 20227 mins
Data Center Selection Criteria Go Beyond Dollars and Cents- Inside a server room
When it comes to compliance, Iron Mountain Data Centers (IMDC) is forging new paths. Jim Henry, Manager of Global Compliance, shares why IMDC is a leader in the industry.
At Iron Mountain Data Centers, we are proud to have the most comprehensive compliance program in the industry.

Comprehensive Compliance

We take a well-rounded approach to compliance, and cater to every need of the customer, whether that's information security, energy, environmental or health and safety compliance. 

We understand that while the data center industry is still young, the rapid pace of requirements from a diverse range of customers has evolved greatly. To demonstrate this, we leave no stone unturned when it comes to meeting customer needs.

Enterprise-Wide Compliance Breadth and Depth

We provide an enterprise-wide, consistent approach to all types of regulatory and standards compliance. If we have a certification or report at one facility, you can rest assured that it is in place across our portfolio or across a given region. We offer consistent reporting and rigorous auditing across the enterprise to mitigate risk and maximize streamlining the customer audit process.

Ultimately, this makes it easier for our customers when they are interested in a particular market. They know exactly what they can expect at each of our data centers, no matter what their requirements and initiatives are.

Going Above and Beyond

In addition to certifications that are popular in the industry, we go above and beyond to align with standards and reports that ensure the highest federal security standards possible and reinforce our commitment to continual improvement and sustainability with energy efficiency and environmental efforts. 

No other data center provider in the industry can show and talk through the third-party audit reports, certifications, or rigor behind their sustainability and energy management programs that we can, from an enterprise perspective.

What sets us apart is that we respect and comply with local nuances, and offer a consistent product, tailored on local requirements in each geography.

NIST 800-53

At Iron Mountain Data Centers in the United States, one of our key hallmarks is that we have the NIST 800-53 attestation and report across the board at all facilities. This means we offer customers from the federal sector and their subcontractors the same level of support and compliance at every U.S. location

Why is NIST 800-53 Important?

NIST Special Publication 800-53 is a robust set of security and privacy controls for all U.S. federal information systems, and largely, those of US Federal subcontractors. Having the NIST 800-53 report and attestation in place at all sites enables our customers to inherit FISMA HIGH data center controls, and complete FedRAMP assessments in a streamlined manner. 

When a customer needs support from IMDC in their assessment, we're able to show full compliance with physical and environmental controls that map to the FISMA HIGH baseline.

Our state-of-the-art physical security standards and processes allow full compliance with even the most stringent government requirements, such as the new Department of Defense Cybersecurity Maturity Model Certification

Mapping our control set to the applicable CMMC controls will clarify alignment when our customers need help during the last mile of their CMMC assessments. All in all, it gives our customers an ease of use when it comes to auditing compliance and their own internal, and third-party assessments for showing maturity within the five levels of the CMMC.

ISO 50001 and ISO 14001

We're excited to announce that we are now the first and only data center services  provider in the industry to have an enterprise-wide certified ISO 14001 and 50001 environmental and energy management system, further strengthening our commitment to energy efficiency and overall environmental management.

For these certifications, an independent third-party assessor audits our entire global portfolio against the ISO 50001 and ISO 14001 international standards. These are frameworks that many organizations are using to align with as they begin their environmental initiatives, but are time consuming to implement for full certification. 

Over time, we've employed many practices that make a noticeable difference in better preparing for environmental risks and increasing energy management. These practices are refined, and audit ready so we can demonstrate our commitment to the planet.

This takes our program to a different level of continuous improvement. It enables us and commits our teams to employ specific environmental practices every year, improving our posture from an environmental and energy standpoint. ISO 14001 and ISO 50001 certification hinges on the program being maintained properly with constant improvement and leadership involvement.

At Iron Mountain, we don't just talk about responsible energy use, we live it.

Why are 50001 and ISO 14001 Important? 

Having a sustainability plan and roadmap in place is an incredibly important aspect now, more than ever, due to the increasing climate change and environmental impact risk of the technology industry. 

As advancement and innovation drives growth of software and services, the parallel demand for hardware and space to host is natural. With that said, our customers and their customers have initiatives of their own around sustainability and environmental stewardship. 

More often than ever, customers of all industries and sizes are inquiring about sustainability, and it is our goal to help them as partners in the journey. We aim to do the same in aligning with others’ goals and objectives and show this through rigorous third-party audits.

It’s important to note that sustainability itself may often be overshadowed by an abundance of statements and press releases, but in reality, it’s about making a material difference that can be validated by outside parties. Our approach is more focused on providing external opinions on our work through assessments, that way, all the qualitative and quantitative data we provide to customers has integrity and full transparency.

ISO 45001: Health and Safety Management

Iron Mountain Data Centers is setting the trend in data center workplace safety through our certification and alignment with ISO 45001, a certified health and safety management system. 

ISO 45001 provides a single, clear framework for all organizations wishing to improve their OH&S performance. The goal of ISO 45001 is the reduction of occupational risk and hazards, including promoting and protecting physical and mental health.

Taking care of our employees and everyone at our facilities is a top priority. Certifying against the ISO 45001 health and safety management system standard ensures that we're going above and beyond health and safety best practices, local law and regulation, and implementing a system that reduces overall risks and eliminates hazards and reduces incidents onsite. 

Certifying against the framework is important because we are demonstrating going above and beyond the best practices and local regulation, taking a holistic approach to planning work, organizing activities, and ensuring that adequate risk consideration is a part of our daily site operations.

Looking to the Future

At Iron Mountain Data Centers, we are incredibly proud of our compliance program and the teams that support it. Every single one of our employees plays a vital part in what we offer, and that means we can deliver optimal continual improvement to our customers. 

The foundation that we have built sets the standard for what we will do in the future. We continue to look ahead, keeping our ear to the industry and listening to our customers. We are committed to implementing programs that offer scale, not only with ourselves, but our customers, giving them what they need for the future.

To find out more about Our Data Center Compliance Program go to
A Step Ahead What Sets Our Data Center Compliance Program Apart (Part 1).