The Industry’s Most Comprehensive Security & Compliance Program – Existing Framework with 225,000+ Customers
  1. Home
  2. Digital Transformation
  3. Data Centres
  4. About
  5. Data Centre Compliance & Security

Data Centre Compliance Support For Highly Regulated Organizations

HIPAA – PCI – FISMA High – FedRAMP – SOC 2 Type 2 – SOC 3 – ISO 27001 – ISO 50001 – ISO 14001 – ISO 9001



Since 1951, Iron Mountain has been the trusted guardian for more than 225,000 customers including 95% of the Fortune 1000. Our reputation of success brings peace of mind knowing your infrastructure is in good hands with our 30+ year track record in colocation excellence.


Iron Mountain offers some of the world’s most secure data centres. Our federal-grade, multi-layered approach to security includes a combination of technical and human security measures. Our innovative security and trained personnel help to mitigate risk.


Trusted by some of the world’s most highly-regulated organizations, Iron Mountain is an industry leader in compliance. Reduce data centre risk with our comprehensive compliance support, including HIPAA, FISMA High, PCI-DSS, ISO 27001, and SOC 2/3.

Data Centre Compliance Portfolio



The Health Insurance Portability and Accountability Act (HIPAA) is governed by the Department of Health and Human Services’ (HHS) Office of Civil Rights that sets the national security standards for safeguarding Protected Health Information (PHI) and electronic PHI (e-PHI). Iron Mountain colocation facilities are HIPAA compliant and independently audited on an annual basis to ensure maximum security and minimum risk.
PCI Security Standards Council

PCI DSS Level 1

The Payment Card Industry Security Standard (PCI DSS) is a set of security standards that applies to all providers that store, process or transmit cardholder data (CHD). Iron Mountain obtains an independent Attestation of Compliance for all controls that apply to the colocation services across all facilities on an annual basis. You can also find our status of compliance on Visa’s Global Registry of Service Providers.

FISMA and FedRamp High**

Iron Mountain enables government agencies to achieve and maintain compliance with the Federal Information Security Management Act (FISMA) and Federal Risk and Authorization Management Program (FedRAMP). All colocation facilities are independently audited on an annual basis by a 3PAO against the National Institution of Standards and Technology Special Publication 800-53 (NIST 800-53) Revision 4 controls and high-risk control enhancements.
SOC 2 SOC 3 Logos

SOC 2/3

Iron Mountain demonstrates compliance with the AICPA’s Trust Services Principles of Security and Availability by way of an independent SOC 2 Type II audit across all facilities on an annual basis. A SOC 3 report is also published to outline IMDC’s compliance with the SOC 2 and is available to customers without the need for an NDA. Colocate with confidence at Iron Mountain, an industry leader in data centre compliance. 
A blue and white logo that reads "ISO 27001 Certified by Schellman"

ISO 27001

Iron Mountain’s global portfolio of data centres are ISO 27001 certified to support optimal delivery of services while minimizing risk to your data. ISO 27001 is a globally recognized security standard that ensures the establishment of an Information Security Management System (ISMS) within an organization to oversee the effective implementation of a comprehensive set of security controls and best practices. Choose Iron Mountain to reduce your company’s risk.
A green and white logo in the shape of a triangle that reads "ISO 50001 REGISTERED"

ISO 50001

As an industry leader in data centre compliance, Iron Mountain colocation facilities are ISO 50001 certified to maximize energy efficiency at each facility across our portfolio. ISO 50001 is a globally recognized energy performance standard that ensures the establishment of an Energy Management System (EnMS) within an organization to oversee the effective implementation of a comprehensive set of energy management controls and best practices. 
International Organization for Standardization 14001

ISO 14001*

Iron Mountain has achieved certification with ISO 14001 to demonstrate our commitment to measure and improve on identified areas of environmental responsibility.
A globally recognized environmental protection standard, ISO 14001 ensures the establishment of an Environmental Management System (EMS) within an organization to oversee implementation of a comprehensive set of environmental protection controls and best practices.
Green logo for ISO 9001 compliance

ISO 9001*

ISO 9001 is a globally recognized quality management standard that ensures the establishment of a Quality Management System (QMS) within an organization to oversee the effective implementation of a comprehensive set of quality controls and best practices. Iron Mountain has achieved certification with ISO 9001 to demonstrate our commitment to measure and continually improve service delivery and customer satisfaction.

*Only available at Amsterdam. Tentative for full portfolio late 2019.
**HIPAA and NIST available at US locations only.


Click on a box below to learn more about the specific offerings at Iron Mountain’s data centres.


Data Centre Compliance & Security

Choose Iron Mountain to reduce data centre risk with our industry-leading compliance program. You receive comprehensive compliance support, federal-grade security, and the stability of an S&P 500 REIT with 1,400+ locations. 

Green Data Centres

As one of the top three data centre providers of green power, Iron Mountain is committed to sustainability. Our colocation facilities are powered by 100% renewable energy, thanks to carbon credit assistance and low PUE. 

Hyperscale Data Centres

We’re building to address the exacting needs of hyperscale cloud providers. With inventory globally, choose hyperscale-ready build-to-suit, dedicated, or modular data centres for wholesale requirements.

Strategic Edge Data Centres

Get closer to your end users while increasing security and reliability at Iron Mountain’s Strategic Edge colocation facilities. In strategic markets, MOD’s are available, providing higher performance and lower latency.
Underground Data Centre

Underground Data Centres

For an additional layer of physical security, choose one of Iron Mountain’s Underground Data Centres. Situated up to 200+ ft. below the earth’s surface, our data centres are some of the most secure facilities in the U.S. 


Phoenix Datacenter - Goldman Sachs Case Study


Goldman Sachs - Banking / Financial Services

Hyperscale Ready facility, Modular Data Centre

Scalability, Sustainability, Fast Time-to-Market


Identify a data centre solution that allowed Goldman Sachs to scale rapidly to meet increasing market demand while supporting its commitment to sustainability and security of customer assets. Provider must be able to meet aggressive delivery timelines to ensure proper time-to-market.


Goldman Sachs chose an Iron Mountain modular data centre as the ideal solution to its data centre initiative. This delivered data centre PUE near 1.1, which reduced waste and addressed the sustainability requirement. The MOD also provided a self-contained environment for added security and scalability.


“We are pleased to partner with Iron Mountain and believe their strategy provides sustainable enhancements to our data centre operations. Their innovative technology and services will allow Goldman Sachs to scale its data centre operations more efficiently, and further advance the firm’s broader commitment to environmental stewardship and reduced carbon footprint.”


Twitter: @GoldmanSachs

Data Centre Compliance Across the Globe

Data Center Compliance
Business Women Talking with Customer | Iron Mountain

Contact Iron Mountain

Our Customer Support section can help provide you with the quickest answers to your questions, or feel free to contact us at your convenience