To help you in this and give you the reassurance you need, we employ independent third-party auditors to certify that our systems and processes comply with all the latest industry standards. You can find all the relevant certifications and details of the assurance reports right here.
All vital aspects covered
Certifications and assurance reports ensure logical security, physical security, service deployment, customer support, incident management, change management, and operational resilience meet industry-leading standards.
ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 certifications/assurance reports and our external audit partners are recognized all around the world.
Peace of mind
Rest assured that, wherever you are in the world, we’ll have effective operational controls and meet stringent audit levels for data protection and availability.
You need to demonstrate to your customers, shareholders and other stakeholders that you have the necessary compliance in place to counter concerns over issues like cybersecurity and business resilience. We have worked closely with EY, EY CertifyPoint and ComSec Consulting to achieve ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 reports/certifications which assure you that our infrastructure, data handling and security meet industry-leading standards. You can see exactly what is covered by checking the ‘building blocks’ of the Leaseweb Trust Model.
Here are the certifications and assurance reports we have achieved:
Service Organization Controls (SOC) reports provide an examination of a description produced by us of the system(s) we operate on behalf of our clients that are relevant to their internal control processes. This audit process was carried out by EY. There are two types of reports: type I and type II, where type II adds an extended assertion and auditor’s opinion on the operating effectiveness of your controls.
The International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data. Our certification process was carried out by EY CertifyPoint and encompassed organizational security policies, personnel security, physical and environmental security, systems and network security, and business continuity management.
Payment Card Industry Data Security Standard (PCI DSS) ensures the secure handling of sensitive information and is intended to help organizations proactively protect customer account data. Our certification process was carried out by Comsec Consulting. As Leaseweb does not monitor or have access to customer data, applicability of the PCI DSS certification is restricted to physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures. The covered aspects of the PCI DSS certification are: 9.1 to 9.4, 9.10, 10.6.1, 11.1.2, 12.1, 12.2, 12.4 to 12.10.
The following Leaseweb data centers are PCI DSS certified:
The Health Insurance Portability and Accountability Act (HIPAA) sets out standards for security controls to protect health information stored or processed online. Although there is no specific HIPAA certification for service providers like Leaseweb, EY has issued us with a third-party statement that recognizes our platform as being compliant with HIPAA’s requirements that relate to our service blocks for logical and physical security, operational resilience, incident management, service deployment and change management. This enables customers to leverage our platform as part of their overall HIPAA compliance.
NEN 7510 is the standard developed by the Nederlands Normalisatie Institute for information security in the health sector. We have received a third-party statement from EY for compliance with NEN 7510’s requirements in connection with our service blocks for logical and physical security, operational resilience, incident management, service deployment and change management.
As part of our strong commitment to GDPR compliance we have registered our products with the Cloud Infrastructure Service Providers in Europe association (CISPE). CISPE have created a code of conduct for Infrastructure-as-a-Service (IaaS) providers such as Leaseweb to guide and verify GDPR compliance.
EU-US Privacy Shield
The U.S. Department of Commerce International Trade Administration (ITA) has confirmed that all the necessary Privacy Shield Principles were duly adhered to by Leaseweb. This certification demonstrates that we have taken adequate technical and organizational measures for the level of privacy protection as required under the GDPR legislation. Furthermore, our GDPR-ready General Conditions and Privacy Statement contribute to the EU-US Privacy Shield Principles Certification.