Q01 What ISO certificates do you have?
We take data and site security very seriously. As such, we routinely have external auditors ISO certify all our sites, with the relevant accreditations for the hosting environment.
As part of the iomart Group, our ISO accreditations are held under the company name of iomart. Iomart and all our sites are ISO 9001 and 27001 certified. These certificates are recommended by the British government for hosting companies and guarantee that our sites’ security, documentation, service standard and processes are all of a high standard, as expected of a data centre. Our ISO accreditations are held with the external auditing company ISOQAR.
The 9001 and 27001 certifications are predominantly used in the UK, but these certificates are of an international standard and are internationally recognised. These ISOs cover data protection, security, compliance and quality of service.
Our compliance with these standards is a continual process, with auditors performing regular spot checks as part of it.
If you require more information about our ISO accreditations, please visit iomart’s accreditations webpage, found here:
https://www.iomart.com/about-iomart/accreditations/
If you wish to verify our certificates and see our continued compliance, you can do so independently by going through ISOQAR. Our certificate number is '7235'. Here is a link to ISOQAR’s website:
https://www.alcumusgroup.com/isoqar/customer-area/validate-a-certificate
If you have any further questions about our ISO accreditations, please feel free to get in touch.
Q02 Do you offer PCI-compliant hosting?
Yes, we do. PCI compliance can be an onerous undertaking, with regard to both research and implementation, so if you are interested in finding out more, simply contact a member of our team, who will be happy to help and discuss this with you.
If you have any further questions, please feel free to look through our FAQ section or raise a ticket, and we will be happy to help.
Q03 Are Rapidswitch/iomart GDPR compliant?
Rapidswitch/iomart are GDPR compliant.
GDPR compliance can’t actually be “certified” as there is no official certification process. However, you can rest assured that iomart fully satisfies all our obligations under the new regulations.
As the UK’s most accredited provider of managed cloud services, we build data protection and data security into every aspect of our operations. We continue to incorporate our multiple ISO accreditations plus international guidelines and codes of practice into our management standards.
Iomart (our parent company) is ISO 9001 and 27001 certified.
These ISOs cover data protection, security, compliance and quality of service.
Iomart's ISO accreditations are held with ISOQAR.
To ensure our continued compliance, third parties can verify our ISO status by contacting ISOQAR.
Their contact details can be found at: https://www.alcumusgroup.com/certification-and-accreditation/
Our certificate number is 7235. Please use this to verify our ISO status when contacting ISOQAR.
What does this mean for iomart customers?
GDPR splits organisations into Data Processors and Data Controllers. Data Controllers (i.e. our customers) determine the means and purposes of collecting personal data. Data Processors (i.e. iomart) are responsible for processing that data on behalf of the Data Controller.
There are some specific obligations that relate to each type of organisation under GDPR. iomart has done everything required to ensure we meet the Data Processor obligations, but, while this does help our customers, it, unfortunately, doesn’t automatically mean that our customers meet all the requirements of being a Data Controller.
Q04 Are your Datacentres PCI Compliant?
As a business, we are PCI compliant and have our own DR and BC documentation.
For our customers, we can also provide a PCI compliant platform and DR and BC plans. However, our customers are not able to use our PCI compliance to be compliant themselves, nor does our having a DR or BC plan as the hosting provider protect customers that do not have such plans in place.
Q05 Do you have documents/reports for independent assurance certification, similar to ISAE?
We do not have a SOC report to hand, as iomart does not have an ISAE 3402 SOC report that can be shared.
As a UK company, the iomart Group is not required to be compliant with this standard. However, I believe iomart does meet the intricacies of this standard.
Firstly, being listed on the London Stock Exchange Alternative Investment Market (AIM) since 2000, the iomart Group plc has to meet the stringent regulatory requirements of the stock market and is therefore independently audited every six months with reports and documents published at http://www.iomart.com/investors/
Secondly, our accredited management systems which cover our operational sites in the UK include ISO 9001:2015 for quality assurance, ISO 27001:2013 for information security and ISO 20000-1:2011 for IT service.
They are all independently assessed every 6 months by an assessor from ISOQAR, a UKAS-accredited certifying body. The auditor determines the effectiveness of the service controls in place and conformity with these global standards.