In-house Compliance Team
Whether you have added a new compliance requirement, adjusted your controls,
or simply want to ask a question, the iland Compliance Team is available!


ISO 27001
The International standard for information security and risk management, the ISO 27001 certification ensures that the organization you are working with adheres to best practices for data protection as well as extensive risk management evaluations.
iland maintains ISO 27001 certifications for its data centers as well as full corporate review and certification of its operations; from accounting through engineering, data protection and risk management are daily activities. We’re so proud of our results we’ll show you! Customers not only receive the certification but also the auditor’s report, where we maintain zero non-conformities.

Regions applicable: Global

ISO 20000
It’s not enough for an organization to say it can deliver a service; you need to be able to prove it, and the ISO 20000 standard provides that certainty. ISO 20000 is a global standard that describes the requirements for an information technology service management (ITSM) system. The standard was developed to mirror the best practices described within the IT Infrastructure Library (ITIL) framework.
iland ensures that when we say we can provide a service, it’s there. From development through customer support, independent evaluations are performed annually. Because when the service has to be there, it has to be there!

Regions applicable: Global

BS 10012
iland is one of the first UK organisations certified by the British Standards Institution (BSI) to the global data protection scheme – BS 10012:2017, demonstrating that we are proactively protecting data and managing personal information securely and effectively both within our organisation and for data stored in the iland secure cloud.
BS 10012:2017 specifies the requirements for an organization to adopt a Personal Information Management System (PIMS). A PIMS provides a framework for maintaining and improving compliance with data protection. The standard was revised recently to align with the key principles of the GDPR, which became law on 14 April 2016 and will be mandated from 25 May 2018.

Regions applicable: United Kingdom, European Union

CSA STAR Certification
Whereas ISO 27001 is industry agnostic, the CSA STAR Certification builds on top of it with very specific cloud provider controls. The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Controls Matrix, meaning it builds upon the ISO 27001 standard.
iland maintains a Gold Level certification with the CSA, leading a very elite group. The Gold designation denotes the maturity of process and policies within the organization reviewed against industry best practices.

Regions applicable: Global

EU/US Privacy Shield
The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.
iland operates under and fully conforms with the EU-US Privacy Shield framework, ensuring that customer data is correctly maintained and handled, proper notification and privacy protections are in place, and data sovereignty is enforced.
Regions applicable: United States, European Union


UK ICO
The Information Commissioner's Office (ICO) maintains the privacy rights and protections for entities operating within the United Kingdom (UK). The ICO requires that organizations operating within the UK conform to privacy and data protection regulations and that personal data is correctly handled.
iland maintains full registration, and public-facing privacy statements and documentation pertaining to UK-specific data controls are available to all iland customers.
Regions applicable: United Kingdom


ITIL
ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL requires extensive documentation, certified staff, and alignments within organizations to achieve successful outcomes.
iland maintains ITIL certified staff from Foundations through Expert to ensure proper IT service alignment and optimization, and operates under the most recent version, ITIL v2011. Additionally, this is audited annually through the ISO 20000 process.
Regions applicable: Global


SSAE 16
SSAE 16 Service Organization Control 2 (SOC2) reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy, performed by the AICPA as a third-party audit. SOC2 is not a point-in-time audit but a full, backward-looking review of performance against defined policies and processes.
iland operates within the United States SOC2 attested data centers to ensure that all services are independently evaluated and the proper controls are utilized.
Regions applicable: Global


PCI DSS
The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
Validation of compliance is performed annually for iland data centers as well as operations and business functions, and a Self-Assessment Questionnaire (SAQ) is available for customers.
Regions applicable: Global


CJIS
A joint program of the FBI, State Identification Bureaus, and CJIS Systems Agency, the Criminal Justice Information Services (CJIS) Security Policy outlines the security precautions that must be taken to protect sensitive law enforcement information. The CJIS Security Policy contains specific requirements for wireless networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths.
In conjunction with NIST 800-53 and FIPS 140-2 architecture, iland ensures strict adherence to data controls and data access requirements.
Regions applicable: United States


GDPR
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
Though the GDPR is not fully in effect until May of 2018, iland is committed to ensuring adherence for EU and UK data center operations under the GDPR regulations, inclusive of maintaining a Data Protection Officer (DPO) for oversight and audit requirements.
Regions applicable: European Union


Cyber Essentials
Cyber Essentials is an annual UK government framework of security controls to protect information from internet-facing threats and breaches. It includes reviews of organizational firewalls, data services, virus and threat management, and patching practices.

Regions applicable: United Kingdom, European Union

NIST 800-53
NIST Special Publication 800-53 provides a catalog of security controls for all U.S. federal information systems except those related to national security. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA). NIST 800-53 is the foundation of nearly all security requirements within the IT space.
Alignment to NIST 800-53 is performed within iland at all levels, from the requirements to use FIPS standards through the physical access requirements for data center access. Customers are encouraged to review our policies and processes to evaluate our alignments and help ensure alignment to their requirements.
Regions applicable: Global


ITAR
iland adheres to the United States International Traffic in Arms Regulations (ITAR) compliance requirements and is a registered entity with the United States Department of State for the handling of data that pertains to ITAR. These include geographical controls as well as staff controls to ensure that data is housed and handled only by authorized US employees.
Regions applicable: United States


Autoriteit Persoonsgegevens
With EU presence and operations within Amsterdam, personal data protection is also overseen by the Autoriteit Persoonsgegevens, based in the Netherlands. Responsible for personal data requirements general to the EU and specific to the Netherlands, the Autoriteit Persoonsgegevens strictly enforces conformity not just to general data protection regulations but also to country-specific controls and personal rights.
iland is committed to ensuring conformity to Dutch privacy and data sovereignty laws and maintains strict adherence.
Regions applicable: Netherlands


Model Contract Clause Offering
Ensuring EU data protection and remaining compliant with data sovereignty requirements? iland provides its customers with Model Contract Clauses for the contractual movement of data for both Controller and Processor entities, ensuring that the movement of data conforms to EU regulations and requirements.
Regions applicable: European Union, United Kingdom


Singapore Personal Data Protection Act
For customers operating within Singapore, iland maintains and adheres to all privacy requirements outlined under the Personal Data Protection Act (PDPA) of 2012 for citizens and legal operations within the Singapore region. Protection of individuals' rights is paramount to proper data sovereignty!
Regions applicable: Singapore


Australian Privacy Principles
Very similar to the need to adhere to the EU GDPR requirements, Australian law requires that personal data be managed and protected in accordance with the Australian Privacy Principles (APPs) noted within the Privacy Act 1988. iland maintains strict adherence to data sovereignty and privacy requirements for all Australian operations.
Regions applicable: Australia


Got questions? Talk one-on-one with our compliance experts