Security & Certifications

When you use our infrastructure it effectively becomes an extension of your own. So you need to have absolute confidence that it meets the standards you set for yourself or that you have to comply with.

To help you in this and give the reassurance you need we employ independent third party auditors to certify that our systems and processes comply with all the latest industry standards. And you can find all the relevant certifications and details of the assurance reports right here.

  • Global recognition

    ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 certifications/assurance reports and our external audit partners are recognized all around the world.

  • All vital aspects covered

    Certifications and assurance reports ensure logical security, physical security, service deployment, customer support, incident management, change management, and operational resilience meet industry-leading standards.

  • Peace of mind

    Rest assured that wherever you are in the world we’ll have effective operational controls and meet stringent audit levels for data protection and availability.

You need to demonstrate to your customers, shareholders and other stakeholders that you have the necessary compliance in place to counter concerns over issues like cybersecurity and business resilience. We have worked closely with EY, EY CertifyPoint and ComSec Consulting to achieve ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 reports/certifications which assure you that our infrastructure, data handling and security meet industry-leading standards. You can see exactly what is covered by checking the ‘building blocks’ of the Leaseweb Trust Model.

Here are the certifications and assurance reports we have achieved:

Overview per independent Leaseweb company

Certificates / assurance reportsLeaseweb Netherlands B.V.Leaseweb Deutschland GmbHLeaseweb UK Ltd.Leaseweb USA, Inc.Leaseweb Asia Pacific Pte. Ltd.
ISO 27001ISO 27001:2013ISO 27001:2013 ISO 27001:2013 ISO 27001:2013 ISO 27001:2013 
SOC1 SOC1 Type II SOC1 Type II SOC1 Type II SOC1 Type II SOC1 Type II 
PCI DSS
View the certificate
Data center AMS-01 Data center FRA-01

Data center LON-01

Data center WDC-02Data center SIN-01
HIPAA  HIPAA 
NEN 7510NEN 7510:2011   

GAIA-X

Leaseweb has been an active member of GAIA-X since 2021 and is committed to developing and launching the new cloud infrastructures based on the Gaia-X principles. These principles take into account European data protection requirements, transparency and compatibility.

ISO 27001

The International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data. Our certification process was carried out by EY CertifyPoint and encompassed organizational security policies, personnel security, physical and environmental security, systems and network security, and business continuity management.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) ensures the secure handling of sensitive information and is intended to help organizations proactively protect customer account data. Our certification process was carried out by Comsec Consulting. As Leaseweb does not monitor or has access to customer data, applicability of the PCI/DSS certification, together with our data center partners, is restricted to physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures. The covered aspects of the Leaseweb PCI DSS certification are: 12.1, 12.2, 12.4 to 12.10. More information.

The following Leaseweb data centers are PCI DSS certified for requirement 9 and 12:

• AMS-01
• FRA-01
• WDC-02
• SIN-01
• LON-01

View the certificate

SOC 1

Service Organization Controls (SOC) reports provide an examination of a description produced by us of the system(s) we operate on behalf of our clients that are relevant to their internal control processes. This audit process was carried out by EY. There are two types of reports: type I and type II, where type II adds an extended assertion and auditor’s opinion on the operating effectiveness of your controls.

HIPAA

The Health Insurance Portability and Accountability Act sets out standards for security controls to protect health information stored or processed online. Although there is no specific HIPAA certification for service providers like Leaseweb, EY has issued us with a third party statement that recognizes our platform as being compliant with HIPAA requirements that relate to our building blocks for logical and physical security, operational resilience, incident management, service deployment and change management. This enables customers to leverage our platform as part of their overall HIPAA compliance. More information.

NEN 7510

NEN 7510 is the standard developed by the Nederlands Normalisatie Institute for information security in the health sector. Although there is no specific NEN 7510 certification for service providers like Leaseweb, we have received a third party statement by EY for compliance with the NEN 7510 requirements in connection to our building blocks for logical and physical security, operational resilience, incident management, service deployment and change management. This enables customers to leverage our platform as part of their overall NEN 7510 compliance. More information.

CISPE

As part of our strong commitment to GDPR compliance we have registered our products with the Cloud Infrastructure Service Providers in Europe association (CISPE). CISPE have created a code of conduct for Infrastructure-as-a-Service (IaaS) providers such as Leaseweb to guide and verify GDPR compliance.

The International site provides access to our global portfolio of products.
For hosting exclusively in the United States, visit the US site.