To help you in this and give the reassurance you need we employ independent third party auditors to certify that our systems and processes comply with all the latest industry standards. And you can find all the relevant certifications and details of the assurance reports right here.

  • All vital aspects covered

    Certifications and assurance reports ensure logical security, physical security, service deployment, customer support, incident management, change management, and operational resilience meet industry-leading standards.

  • Global recognition

    ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 certifications/assurance reports and our external audit partners are recognized all around the world.

  • Peace of mind

    Rest assured that wherever you are in the world we’ll have effective operational controls and meet stringent audit levels for data protection and availability.

You need to demonstrate to your customers, shareholders and other stakeholders that you have the necessary compliance in place to counter concerns over issues like cybersecurity and business resilience. We have worked closely with EY, EY CertifyPoint and ComSec Consulting to achieve ISO 27001, PCI DSS, SOC 1, HIPAA and NEN 7510 reports/certifications which assure you that our infrastructure, data handling and security meet industry-leading standards. You can see exactly what is covered by checking the ‘building blocks’ of the LeaseWeb Trust Model.

Here are the certifications and assurance reports we have achieved:

  • ISO 27001

    The International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data. Our certification process was carried out by EY CertifyPoint and encompassed organizational security policies, personnel security, physical and environmental security, systems and network security, and business continuity management.

  • PCI DSS

    Payment Card Industry Data Security Standard (PCI DSS) ensures the secure handling of sensitive information and is intended to help organizations proactively protect customer account data. Our certification process was carried out by Comsec Consulting. As LeaseWeb does not monitor or has access to customer data, applicability of the PCI/DSS certification is restricted to physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures. The covered aspects of the PCI/DSS certification are: 9.1 to 9.4, 9.10, 10.6.1, 11.1.2, 12.1, 12.2, 12.4 to 12.10.

    The following LeaseWeb data centers are PCI DSS certified:

    • AMS-01
    • AMS-10
    • FRA-10
    • WDC-01
    • SIN-11
    • HKG-10

  • SOC 1

    Service Organization Controls (SOC) reports provide an examination (similar to an audit) of a description produced by us of the system(s) we operate on behalf of our clients that are relevant to their internal control processes. The audit process was carried out by EY. There are two types of reports: type I and type II, where type II adds an extended assertion and auditor’s opinion on the operating effectiveness of your contro

  • HIPAA

    The Health Insurance Portability and Accountability Act sets out standards for security controls to protect health information stored or processed online. Although there is no specific HIPAA certification for service providers like LeaseWeb, EY has issued us with a third party statement that recognizes our platform as being compliant with HIPAA’s requirements that relate to our service blocks for logical and physical security, operational resilience, incident management, service deployment and change management. This enables customers to leverage our platform as part of their overall HIPAA compliance.

  • NEN 7510

    NEN 7510 is the standard developed by the Nederlands Normalisatie Institute for information security in the health sector. We have received a third party statement by EY for compliance with the NEN 7510’s requirements in connection to our service blocks for logical and physical security, operational resilience, incident management, service deployment and change management.