OneNeck IT Solutions, a wholly owned subsidiary of Telephone and Data Systems and a provider of hybrid IT including cloud and hosting solutions, has earned ISO 27001:2013 certification at its Tier 3 data centers in the Midwest. The announcement follows the company’s 2014 news that its Eden Prairie, Minnesota facility was ISO 27001:2005 certified.
OneNeck was certified to ISO/IEC 27001:2013 by BrightLine, a provider of attestation and compliance services. BrightLine is a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor, and a FedRAMP 3PAO.
The certification verifies that OneNeck IT Solutions is following the standard ISO information security management protocols and best practices as they relate to the company’s colocation services and operations at its headquarters in Arizona, as well as its data centers in Iowa, Minnesota and Wisconsin.
“We pursued this certification to assure our customers we were meeting the most widely accepted security management parameters in the industry,” said Clint Harder, CTO and senior vice president of Product Strategy at OneNeck. “Having an objective third-party assess our systematic approach affirms we are managing sensitive customer information and following internationally accepted best practices.”
The ISO process includes a Plan-Do-Check-Act cycle for continuous quality improvement.
- Planning includes a review of policies and procedures; it looks at how and what is done to secure the environment and comply with the ISO 27001 standard.
- “Do” looks at implementation of policies and procedures.
- “Check” reviews internal audits, measures process performance, and reviews the effectiveness of the ISMS.
- “Act” is the action phase and includes making refinements and corrective actions based on the output of the check phase.
“Earning ISO 27001 certification is an ongoing process,” added Harder. “It ensures that OneNeck’s information security measures continue to be strong and effective. For our customers, it means we are ‘audit-ready’ which is critical to our customers with heavy compliance requirements. In fact, by achieving this certification, it helps streamline the due diligence process many of our customers must go through on an annual basis.”
OneNeck IT Solutions also regularly submits itself to third-party audits, including a Type 2 SSAE 16 (SOC 1) examination, PCI DSS, and HIPAA/HITECH AT 101. Some of the control activities that OneNeck management has defined for these audits align with ISO 27001.