In a landscape characterised by intense competition, changing technology and fast-evolving business needs, the ability to demonstrate compliance is becoming even more important.
Whether it’s driven by industry regulation or customer demand, you will be called on – at some point – to demonstrate your compliance with standards and certifications.
In this article, we discuss data centre compliance, what accreditations we hold, and why you should be careful when choosing a third-party provider.
The importance of data centre compliance
Data centres should be compliant with a range of recognised standards. We consider this to be paramount.
The importance of compliance is not just to tick the box of an abstract regulatory requirement, but to add real value to your business by guaranteeing a secure, reliable, consistent, and continually improving service.
In a highly-regulated industry, you may need to show compliance with some or all of these standards yourself. Hosting your systems in a certified data centre provides an essential confirmation of your commitment to security and compliance
All our data centres are designed from the ground up to ensure that your servers are physically secure. This approach means that our colocation services don’t complicate your compliance issues, but, instead, make it easier.
What our data centre accreditations mean
A modern-day data centre should have the highest level of physical security. At our data centres, you can expect multiple access controls, internal and external CCTV, steel perimeter fencing, and visitors escorted by staff.
Implementing these measures has earned us several accreditations. These certifications are only awarded after rigorous independent audits and show our commitment to the highest levels of service and security.
BSI – ISO 27001
ISO/IEC 27001 is a global best practice framework for an information security management system (ISMS). By achieving this certification, we can demonstrate our ISMS meets international best practices and holds up to scrutiny. For you, this means we can handle your information securely.
BSI – ISO 14001
This is a globally-recognised environmental protection standard. ISO 14001 is used across the world to reduce environmental impacts and is an excellent framework to help implement an environmental management system (EMS). By having this accreditation, it demonstrates our ability to measure and improve on identified areas of environmental responsibility.
BSI – ISO 9001
ISO 9001 is the Quality Management System (QMS) standard. Earning this accreditation means we can streamline operations, reduce costs, and continually improve our quality management system. You can take peace of mind, then, that we are always looking to identify areas for improvement.
PCI DSS (Payment Card Industry Data Security Standard) compliant
The PCI-DSS standard specifies the minimum security processes to be applied to protect payment card data and transactions carried out.
We have been assessed against the PCI-DSS physical security requirements at our data centres in Edinburgh Medway, Maidenhead, Milton Keynes, Newcastle, South London and South Yorkshire.
Cloud Security Alliance (CSA) STAR certificate
Cloud computing has opened up many new opportunities, but it also presents several new security risks. This certificate shows that we have one of the highest standards in the cloud security industry. For you, it means continual progress, demonstrable safety, and transparency.
SSE Green Certificate
SSE Green demonstrates our commitment to only using 100% renewable energy. That is, clean electricity generated by wind and hydro assets. You can be confident that the electricity we use to house your data is renewably sourced and has zero carbon emissions.
Advantages of data centre compliance
Data centres are our business. That means we have a greater degree of security and compliance than many organisations could achieve on their premises.
Partnering with us as your colocation or managed hosting provider means that you don’t have to keep abreast of ever-changing compliance requirements. You can leave it to the experts.
Regulatory controls that would be burdensome for you to understand, implement, document, and demonstrate in an audit have already been implemented in our data centres.
We can provide the certificates to prove this to your auditors. That means your IT professionals can be freed from the need to deal with compliance frameworks and, instead, perform work that will directly benefit your business.
ISO data centre compliance
The ISO approach to certification requires a continuous programme of audits to ensure continued compliance. The audit is structured around a defined global list of requirements and controls, which independent audits will confirm that we remain compliant with.
Our certifications are valid for three years from the point they are awarded. However, during that period, a schedule of on-going audits are established to show that the management system is constantly reviewed using a sampling approach. This is also to ensure that a development and improvement cycle is undertaken.
Come and see for yourself
For further peace of mind, you are free to come and audit our data centres yourself.
Subject to the agreement of suitable controls to protect our other customers, we will allow physical penetration testing of our facilities.