EN
EN
Sign in mini-cart 0
EN
EN
BlogKnowledge BaseDeveloper APIStatusCustomer Portal

You can present our certification to your auditors to verify quickly and easily that the services provided by Leaseweb meet the very latest requirements.

How the Leaseweb Trust model works

The Leaseweb Trust model uses our portfolio of services, expectations from external and internal stakeholders, and risk assessment workshops as the foundation and starting point of our compliance approach. Based on these inputs we created one custom framework which is divided into building blocks (right column) and the different industry standards (top row).

 With this multi-audit approach we use the “test-once test-many” principle. It enabled three independent audit firms to work closely and made it location and Leaseweb company independent. But more importantly it provides a completely custom tailored framework that aligns with our services, business needs and risk landscape – as well as with your expectations as a customer. Every building block is now covered and independently audited by at least one certification/assurance report.

Services Covered:

Corporate infrastructure, Bare Metal Services, Virtual Private Server,
Private Cloud, Hybrid Cloud, Co-location, Web Hosting, Domain Name


Certificates
SOC-1ISO 27001HIPAANEN 7510PCI DSS

Customer Service


Service Deployment


Incident Management


Change Management


Logical Security


Physical Security

Operational Resilience


* Full documentation can be read on https://kb.leaseweb.com

The building blocks of the Leaseweb Trust Model

Normally, SOC1 is associated with financial controls but, given the type of our business we broadened the remit of our assurance reports to reflect our close connection with IT issues. This also enhances their relevance to our customers and their operations.

Logical security

Each customer is solely responsible for encrypting their own data transferred and securing their methods of authentication.

We ensure that logical security is appropriately implemented, administered and logged to safeguard against unauthorized access to or modifications of programs and data. See below how we handle it:

  • We have policies and procedures in place with regards to account management
  • We manage passwords and authentication protocols
  • We closely monitor user terminations
  • We scan all new users prior to assigning access
  • We periodically review access
  • We have strong cryptography & security protocols with regards to data transmission
  • With have monitoring tools & firewalls
  • There is a Business Continuity Plan in place

Physical security

We ask customers to adhere to our house rules when they come visit us – we need your help to stay secure.

We secure physical access to our facilities (offices and data centers) by:

  • Keeping track of people entering the premises – both employees and visitors
  • Periodically reviewing physical access assignment
  • Establishing and adhering to internal policies with regards to access
  • Secure access with badge readers
  • Camera surveillance
  • Burglary prevention systems
  • Facility team keeping eye on premises entrances’
  • Termination of badges as soon as their  access expires

Service deployment

Leaseweb developers follow the predetermined processes. Our processes:

  • Are documented
  • Secure
  • Reviewed and validated prior to launch

Customer support

We ask our customers to report any issues that they encounter with regards to our products as soon as possible. Please do so always in a clear and complete manner, so we can help you faster.

We ensure our customers enjoy a good, quality downstream service by:

  • Dedicated Customer Portal
  • Available 24/7 customer care
  • Standardized process of handling reported issues
  • Logging all incidents in ticketing system (all incoming calls, requests) so we won’t miss out anything
  • Continuous service improvement

Incident management

We recommend that all customers keep their contact information up to date, so that they can be contacted by Leaseweb in case of any incident impacting their products.

A formal incident management procedure is in place: 

  • Detecting security incidents
  • Classifying incidents
  • Communication between interested parties 
  • Resolution
  • Learning from incidents

Change management

We recommend that all customers keep their contact information up to date, so that they can be contacted by Leaseweb of any changes that can impact provided service. 

A formal change management procedure is in place:

  • A formal change management procedure is created and used to handle in a standardized manner all changes
  • A formal emergency change management procedure is created and used to handle in a standardized manner all changes
  • The CP applications are developed, modified and tested in an environment separate from the production environment. Access to the production environment is appropriately restricted.
  • Personnel independent of developers review CP changes and have the responsibility for the deployment of changes into the acceptance and production environment
  • All steps are documented in change management ticket

Operational resilience

We manage operations to safeguard the data center facilities to avoid and minimize service disruptions.

  • Access to secure areas within the Data Center is restricted and monitored
  • Access rights to each Data Center facility in scope, is reviewed periodically
  • A review is performed on the reports of the Data Center facility in scope

Scroll to top