The Leaseweb Trust Model

The compliance framework developed with EY places Leaseweb at the forefront of the industry and provides a solid foundation on which you can build on. By clearly outlining the areas that are covered and by transparently sharing that information, it removes a major headache for customers.

You can present our certification to your auditors to verify quickly and easily that the services provided by Leaseweb meet the very latest requirements.

How the Leaseweb Trust model works

The Leaseweb Trust model uses our portfolio of services, expectations from external and internal stakeholders, and risk assessment workshops as the foundation and starting point of our compliance approach. Based on these inputs we created one custom framework which is divided into building blocks (right column) and the different industry standards (top row).


With this multi-audit approach we use the “test-once test-many” principle. It enabled three independent audit firms to work closely and made it location and Leaseweb company independent. But more importantly it provides a completely custom tailored framework that aligns with our services, business needs and risk landscape – as well as with your expectations as a customer. Every building block is now covered and independently audited by at least one certification/assurance report.


Leaseweb Trust Model
* Full documentation can be read on


Overview per independent Leaseweb company

Certificates / assurance reportsLeaseweb Netherlands B.V.Leaseweb Deutschland GmbHLeaseweb UK Ltd.Leaseweb USA, Inc.Leaseweb Asia Pacific Pte. Ltd.
ISO 27001ISO 27001:2013ISO 27001:2013 ISO 27001:2013 ISO 27001:2013 ISO 27001:2013 
SOC1 SOC1 Type II SOC1 Type II SOC1 Type II SOC1 Type II SOC1 Type II 
PCI DSSData center AMS-01 Data center FRA-10

Data center LON-01

Data center WDC-02Data center SIN-01
NEN 7510NEN 7510:2011   

The building blocks of the Leaseweb Trust Model

Normally, SOC1 is associated with financial controls but, given the type of our business we broadened the remit of our assurance reports to reflect our close connection with IT issues. This also enhances their relevance to our customers and their operations.


Objective area Objective description
Logical security Controls provide reasonable assurance that logical security is appropriately implemented, administered and logged to safeguard against unauthorized access to or modifications of the customer portal that our clients are using to administer their infrastructure and administration.
Physical security Controls provide reasonable assurance that physical access to the data centers is restricted to authorized individuals to prevent unauthorized use, disclosure, modification, damage or loss of data.
Service deployment Controls provide reasonable assurance that services to clients are appropriately deployed and managed to ensure a timely and standardized delivery.
Customer support Controls provide reasonable assurance that the customer support teams timely and effectively act on client’s infrastructure problems to minimize service disruptions.
Incident management Controls provide reasonable assurance that incidents on the shared infrastructure are appropriately managed, resolved and analyzed to minimize disruption and impact of the services.
Change management Controls provide reasonable assurance that changes on the shared infrastructure are appropriately managed to minimize the disruption and impact of the services.
Operational resilience Operations are appropriately managed to safeguard the data center facilities to avoid and minimize service disruptions. 



The International site provides access to our global portfolio of products.
For hosting exclusively in the United States, visit the US site.