3W Infra, a fast-growing Infrastructure-as-a-Service hosting provider from Amsterdam with global operations and more than 4,000 dedicated servers under management, has attained the ISO/IEC 27001:2013 certification for Information Security Management together with Payment Card Industry Data Security Standard (PCI DSS) compliance. The certifications are validated by an independent third-party IT audit company, Noordbeek IT Audit, Compliance & Advisory.
The certifications achieved would help 3W Infra ensure that they have enterprise-grade controls in place to protect customer information and payment data while safeguarding business continuity. IT audit company Noordbeek has checked and validated a variety of processes as well as management and operating controls within 3W Infra’s organization to be able to grant 3W Infra the two ‘enterprise-grade’ security certifications.
To ensure that customers’ information is secure with 3W Infra, Noordbeek has validated things like 3W Infra’s business continuity, the documentation of organizational processes, separation of duties, managing (strategic) suppliers, IT system management, human resources policies and procedures, physical security measures in the offices and data center environment, handling and embedding of organizational knowledge, security incident reporting, and more.
Towards GDPR Compliance
3W Infra has received the ISO/IEC 27001:2013 and PCI-DSS certifications from Noordbeek IT Audit, Compliance & Advisory now and is able to send the third-party attestations to customers on their request.
“We see quite some service providers in the worldwide hosting industry eager to serve enterprises and other customers with high demands and mission-critical operations, but we don’t see many of them achieving accreditations like ISO/IEC 27001:2013 and PCI-DSS, especially not the relatively smaller hosting providers,” said Roy Premchand, Managing Director of 3W Infra. “We know it’s not cheap to have these ISO/IEC 27001 and PCI-DSS quality guarantees embedded in your organization, but we think it’s a good step towards GDPR compliance and a big plus for our mission-critical customers who already entrust their IT infrastructure to 3W Infra – among them international companies within gaming as well as cloud services providers with global operations. Besides that, we expect these enterprise-level accreditations to bring great value on a global level while attracting new types of customers from around the world within for example healthcare, finance, and government.”
To learn more about 3W Infra, visit www.3winfra.com.
SSAE 16 Certification
On top of the ISO/IEC 27001:2013 and PCI-DSS certifications achieved, 3W Infra is targeting expansion of accreditations embedded in the organization with an SSAE 16 certification in the future. While PCI-DSS is focused specifically on the data security of credit card information stored in a facility, SSAE 16 is more generally focused on the services operating environment and the internal controls of 3W Infra as a service provider.
“Although we’re a pure-play IaaS hosting provider, not a data provider, we do deliver managed engineering services through our Remote Hands solution to data services providers who store and process financial information,” added Mr. Premchand. “Our Data Center Neutral Remote Hands Service on the world’s main Internet hubs in Frankfurt, Amsterdam, and London, thus may require us to go for this SSAE 16 accreditation as well. Especially because the clients for this Remote Hands engineering service come from all over the world. Most of them are not in the position to drop by in the data center to check data processes and handling themselves. The 3W Infra engineering teams are an extension of their own organization so to say, and SSAE 16 would provide them an end-to-end data security guarantee.”
About ISO/IEC 27001 and PCI-DSS
ISO/IEC 27001:2013 is a worldwide-recognized information security management standard which would ensure that an organization can apply a framework to business processes to help identify, manage and reduce risks to information security. The standard does not only consider IT but all business operations of an organization.
The PCI-DSS (Payment Card Industry Data Security) standard is a proprietary standard for all organizations that process, transmit, or store payment cardholder data. The standard is providing a framework with technologies and practices that would need to be adhered to in order to protect and secure the cardholder data.
About 3W Infra
Founded in 2014 by some Internet and hosting industry veterans, 3W Infra is a global Infrastructure-as-a-Service (IaaS) hosting provider with great engineering knowledge and skills headquartered in Amsterdam, the Netherlands. The company’s enterprise-grade, ISO/IEC 27001:2013 and PCI-DSS certified hosting solutions are tailored to the specific needs of each customer. 3W Infra’s infrastructural solutions are engineered for scalability and cost-efficiency, with cloud-enabling services including colocation, dedicated servers, IP Transit, and high-level customer support. These solutions come with 3W Infra’s Remote Hands including Relocation engineering services at the world’s main Internet hubs in Amsterdam, Frankfurt and London.
As a fast-growing company aiming for sustainable growth, 3W Infra serves a dynamic array of different customer types with a variety of needs. The company’s flagship data center in Amsterdam features one of the lowest calculated pPUEs in the industry (1,04), which is highly energy-efficient. 3W Infra has a significant amount of colocation customers and more than 4,000 dedicated servers under management, while its global network now exceeds 160 Gigabit/sec (Gbps) of available bandwidth. 3W Infra’s customer base includes some of the largest Internet, gaming, broadcasting and cloud services companies in Europe and beyond.
About Noordbeek IT Audit, Compliance & Advisory
Noordbeek B.V. was founded in 2006 by Prof. Dr. Ir. Ronald Paans, Professor of Postgraduate IT Audit training at the VU University in Amsterdam. Noordbeek is an IT audit and consulting firm specializing in certification programs and handling of complex IT-related issues. Offerings range from certifications in the field of PCI DSS, ISO 27001, ISAE 3402, COBIT 5.0 to consultancy projects such as improving the connection of IT to business processes and making the cooperation between service provider and customer more effective.