Our Physical Infrastructure & Certification Information

We take data and site security very seriously. As such, we routinely have external auditors ISO certify all our sites, with the relevant accreditations for the hosting environment.

As part of the iomart Group, our ISO Accreditations are held under the company name of iomart. Iomart and all our sites are 9001 and 27001 certified. These certificates are recommended by the British government for hosting companies and guarantee that our site’s security, documentation, service standard and processes are all of a high standard, as expected of a data centre. Our ISO accreditations are held with the external auditing company ISOQAR.

The 9001 and 27001 certifications are predominantly used in the UK, but these certificates are of an international standard and are internationally recognised. These ISOs cover data protection, security, compliance and quality of service.

Our compliance with these standards is a continual process, with spot checks being performed by auditors as part of the compliance process, on a regular basis.

If you require more information about our ISO accreditations, please visit iomart’s accreditations webpage, found here:

https://www.iomart.com/about-iomart/accreditations/

If you wish to verify our certificates and see our continued compliance, you can do so independently by going through ISOQAR. Our certificate number is '7235'. Here is a link to ISOQAR’S website:

https://www.alcumusgroup.com/isoqar/customer-area/validate-a-certificate

If you have any further questions about our ISO accreditations, please feel free to get in touch.

Yes we do. PCI compliance can be an onerous undertaking, both in regards to research and implementation, so if you are interested in finding out more, simply contact a member of our team who will be happy to help and discuss this with you.

If you have any further questions, please feel free to look through our FAQ section, or feel free to raise a ticket and we will be happy to help.

Rapidswitch/iomart are GDPR compliant

GDPR compliance can’t actually be “certified” as there is no official certification process. However, you can rest assured that iomart fully satisfies all our obligations under the new regulations.

As the UK’s most accredited provider of managed cloud services, we build data protection and data security into every aspect of our operations. We continue to incorporate our multiple ISO accreditations plus international guidelines and codes of practice into our management standards.

Iomart (Our parent company) are ISO 9001 and 27001 certified.
These ISOs cover data protection, security, compliance and quality of service.

Iomart's ISO accreditations are held with Isoqar.

To ensure our continued compliance, third parties can verify our ISO status by contacting Isoqar.

Their contact details can be found on: https://www.alcumusgroup.com/certification-and-accreditation/

Our certificate number is 7235 (Please use this to verify our ISO status when contacting Isoqar)

What does this mean for iomart customers?

GDPR splits organisations into Data Processors and Data Controllers. Data Controllers (i.e. our customers) determine the means and purposes of collecting personal data. Data Processors (i.e. iomart) is responsible for processing that data on behalf of the Data Controller.

There are some specific obligations that relate to each type of organisation under GDPR. iomart has done everything required to ensure we meet the Data Processor obligations, but, while this does help our customers, it, unfortunately, doesn’t automatically mean that our customers meet all the requirements of being a Data Controller.

As a business, we are PCI compliant and have our own DR and BC documentation.

For our customers, we can also provide a PCI compliant platform and DR and BC plans. However, our customers are not able to use our PCI compliance to be compliant themselves, nor does us as the hosting provider having a DR or BC plan protect customers that do not have such plans in place.

We do not have a SOC report to hand as iomart does not have a ISAE 3402 SOC report that it can be shared.

As a UK company, the iomart Group is not required to be compliant with this standard. However, I believe iomart does meet the intricacies of this standard.

Firstly, being listed on the London Stock Exchange Alternative Investment Market (AIM) since 2000, the iomart Group plc has to meet the stringent regulatory requirements of the stock market and is therefore independently audited every six months with reports and documents published at http://www.iomart.com/investors/

Secondly, our accredited management systems which cover our operational sites in the UK include ISO 9001:2015 for quality assurance, ISO 27001:2013 for information security and ISO 20000-1:2011 for IT service.

They are all independently assessed every 6 months by an assessor from ISOQAR, a UKAS accredited certifying body. The auditor determines the effectiveness of the service controls in place and conformity with these global standards.

We maintain a high level of security across all of our data centre sites.

Our security procedures and infrastructure include, but are not limited to:

• 24x7, 365 days a year manned security and site monitoring.

• Biometric access policies.

• Smart Card access policies.

• Internal and external CCTV systems, running and monitored 24x7, 365 days a year.

• Security breach alarms.

We also have strict procedures in place for any visitors coming to our data centre; including:

• All visitors must have a genuine reason to visit a site.

• All visitors must provide us with at least 24 hour notice before coming onto site.

• All visitors must have a valid form of photo identification.

• All visitors must have the access code, which was generated for this visit.

• Once they arrive, all visitors will only have access to the section of the site they require access to.

• We retain the right to deny access to anyone who breaks any of the terms above.

Our site security policies are regularly audited, by a third party auditing company, as part of our security ISO certificates. To find out more, please read the FAQ section on “What ISO certificates do you have?”.

If you have any further questions about our sites, please look through our FAQ section or feel free to get in touch, and we will be happy to help.

We have several data centre sites spread across the UK and even some sites around the globe. Our data centres vary in size and setup; but all maintain high levels of security and quality of service.

Our data centres have:

• Strict security policies; including:

  • 24x7, 365 days a year manned security and monitoring

  • Smart card and/or biometric access policies

  • Internal and external CCTV systems

  • Security breach alarms.

• Back-up power infrastructure; including:

  • Generators

  • UPS units

  • Dual independent power feeds.

• 24x7, 365 days a year support; with our sites having Network Operations Centre engineers on site all year round, ready to help.

• Stable environmental conditions; including:

  • 24x7 environmental monitoring systems

  • Constant evaluation and testing of all environmental control systems

  • N+1 redundant Heating Ventilation Air Conditioning (HVAC) systems

  • Fully redundant air handling units which provide constant fresh airflow

  • In-built fire suppression systems.

• Network Interconnectivity; including:

  • Diverse fibre routing via multiple carriers

  • Cross connection to a number of Tier 1 carriers

  • Scalable architecture, including multiple redundant core switches and routers

As part of the Iomart group, you can find more details about our data centre sites through iomart’s website:

https://www.iomart.com/about-iomart/uk-data-centres/

If you have any further question which are not answered by our FAQ page or iomart’s webpage, please feel free to get in touch and we will be happy to help.

Our Datacentre Infrastructure is Tier 3

A Tier 3 data centre has multiple paths for power and cooling and systems in place to update and maintain it without taking it offline. It has an expected uptime of 99.982% (1.6 hours of downtime annually).

Fundamentally, your applications should be hosted in at least a Tier 2 data centre but preferably Tiers 3 or 4. The Tier system is a guide for the datacentre infrastructure design

As you move up each Tier you can expect more redundancy:

• Tier 2 data centres: redundant capacity components
• Tier 3 data centres: meet or exceed Tier 2 requirements; multiple independent distribution paths that serve IT equipment; hardware is dual powered
• Tier 4 data centres: meet or exceed Tier 3 requirements; the facility is fault-tolerant through electrical, storage and distribution networks; cooling equipment is dual powered.

The Tier system can be used as a rough indicator of how much downtime you can expect from your application’s data centre.

As Tier level corresponds to cost, you need to decide what level of redundancy you can afford and potentially how much application downtime you can accept.

Moving from Tier 3 to Tier 4, for example, will increase your hosting costs significantly.