LeaseWeb, one of the world’s largest hosting brands, has achieved ISO 27001:2013, PCI DSS certifications and SOC 1 Type II assurance reports for its independent global entities, following the development of a new multi-audit approach together with EY.
The three different certifications and reports assure customers that infrastructure, data handling and security meet industry-leading standards required by global internet-based businesses.
“Trust is the basis on which businesses are built. But issues with cybersecurity and online fraud have put technology-enabled organizations in the spotlight. They need to demonstrate to their customers, shareholders and other stakeholders that they have rigorous certifications in place to reduce risk wherever possible. We have worked closely with EY on achieving ISO 27001, PCI DSS certifications and SOC 1 Type II assurance reports to help make this process as effortless as possible. These certificates and reports assure that data and transactions are kept secure and comply with legal requirements, in turn providing more business opportunities across the board,” said René Olde Olthof, Managing Director, LeaseWeb Global Services.
To reduce the length of the audit cycle and the required control points, LeaseWeb has created an innovative, custom compliance multi-audit framework in-house. The new model can also be used by LeaseWeb clients and partners as a foundation to build their own auditing frameworks. Audit firm EY was enlisted to ensure the model provided a unified approach towards certifying LeaseWeb’s data centers and its various entities and corporate offices in Europe, the U.S., and Asia Pacific. Comsec Consulting, provider of information security services, provided the required QSA services to support the framework in cooperation with EY.
Dennis Houtekamer, Executive Director, EY said: “LeaseWeb auditors and the EY team greatly increased the audit efficiency of LeaseWeb’s expanding global operations, bundling control points and making future audits much easier. It has again proven to be such a strong model that we will further leverage LeaseWeb’s approach to audit similar internet service providers.”
About the Certifications
ISO 27001
International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data.
The accreditation process was carried out by EY CertifyPoint and encompassed organizational security policies, personnel security, physical security, systems and network security, and business continuity management.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) provides a robust security framework for protecting payment card data and personal, privacy-sensitive information. LeaseWeb was guided through the process by Comsec Consulting, a qualified QSA Company, focusing on the physical security measures of LeaseWeb’s German and U.S. based entities.
PCI DSS especially caters to the compliance validation needs of LeaseWeb’s e-commerce customer channel. Businesses that handle transactions on behalf of customers need to pay particular attention to how payments are authenticated and controlled. A new version of the standard – 3.0 – was implemented in January this year and has a special focus on third party services assurance. With the completion of the PCI DSS certification and aligning to the newest version, LeaseWeb assures its clients of maintaining high standards of security and quality throughout its services.
SOC 1 Type II
Service Organization Controls (SOC) 1 Type II validates the security of infrastructures and hosting services relating to internal control over financial reporting. This helps to ensure that LeaseWeb customers comply with financial reporting regulations, such as the Sarbanes-Oxley Act.
The SOC 1 assurance report distinguishes LeaseWeb’s independent services organizations by demonstrating the establishment of strict control objectives and effectively designed procedural activities for all its (cloud) hosting solutions. The certification was carried out by EY.
Olde Olthof comments: “Risk assessment and transparent management reviews have become an integral part of purchasing cloud-related services and contracting service providers. Obtaining these certificates and reports assures customers that all LeaseWeb entities in any location worldwide have effective operational controls and meet stringent audit levels for data protection and reliability.”