LeaseWeb, one of the world’s largest hosting brands with more than 65,000 physical servers under management, has achieved ISO 27001:2013, PCI DSS certifications and SOC 1 Type II assurance reports for its independent global entities, following the development of a new multi-audit approach together with EY, formerly Ernst & Young. The certifications would assure customers that data and transactions are shielded from online fraud.
The three different certifications and reports assure customers that hosting infrastructure, data handling and security meet industry-leading standards required by global Internet-based businesses.
To reduce the length of the audit cycle and the required control points, LeaseWeb has created an innovative multi-audit framework in-house. The new multi-audit framework is now also available for LeaseWeb clients and partners as a foundation to build their own auditing frameworks.
Audit firm EY was enlisted to ensure the model provided a unified approach towards certifying LeaseWeb’s data centers and its variety of entities and corporate offices in Europe, the U.S., and Asia Pacific. Comsec Consulting, provider of information security services, provided the required QSA services to support the framework in cooperation with EY.
Cyber Security and Online Fraud
“Trust is the basis on which businesses are built, but issues with cyber security and online fraud have put technology-enabled organizations in the spotlight,” said René Olde Olthof, Managing Director, LeaseWeb Global Services. “They need to demonstrate to their customers, shareholders and other stakeholders that they have rigorous certifications in place to reduce risk wherever possible. We have worked closely with EY on achieving ISO 27001, PCI DSS certifications and SOC 1 Type II assurance reports to help make this process as effortless as possible. These certificates and reports assure that data and transactions are kept secure and comply with legal requirements, in turn providing more business opportunities across the board.”
- ISO 27001 – International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data.
- PCI DSS – The Payment Card Industry Data Security Standard (PCI DSS) provides a robust security framework for protecting payment card data and personal, privacy-sensitive information.
- SOC 1 Type II – Service Organization Controls (SOC) 1 Type II validates the security of infrastructures and hosting services relating to internal control over financial reporting. This helps to ensure that LeaseWeb customers comply with financial reporting regulations, such as the Sarbanes-Oxley Act.
“LeaseWeb auditors and the EY team greatly increased the audit efficiency of LeaseWeb’s expanding global operations, bundling control points and making future audits much easier,” said Dennis Houtekamer, Executive Director, EY. “It has again proven to be such a strong model that we will further leverage LeaseWeb’s approach to audit similar Internet service providers.”