OneNeck® IT Solutions has announced it has earned ISO 27001:2013 certification at its Tier 3 data centers in the Midwest. Today’s announcement follows the company’s 2014 news that its Eden Prairie, Minn. facility was ISO 27001:2005 certified. Now, in addition to its Minnesota facility, OneNeck data centers in Des Moines, IA, and Madison, WI, are also ISO 27001 certified. The scope of the certification has also been expanded to include OneNeck’s headquarters in Scottsdale, Ariz.
ISO 27001 is a global security standard that sets requirements for an organization’s Information Security Management System (ISMS). To earn ISO 27001 certification, a company must have its ISMS reviewed. The review process also includes scrutiny of the company’s information security controls to ensure the confidentiality, integrity and availability of all sensitive information assets.
“We pursued this certification to assure our customers we were meeting the most widely accepted security management parameters in the industry,” said Clint Harder, CTO and senior vice president of Product Strategy at OneNeck. “Having an objective third-party assess our systematic approach affirms we are managing sensitive customer information and following internationally accepted best practices.”
The ISO 27001 ISMS at OneNeck was certified by BrightLine, a leading provider of attestation and compliance services. BrightLine is a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor, and a FedRAMP 3PAO.
The certification verifies that OneNeck is following the standard ISO information security management protocols and best practices as they relate to the company’s colocation services and operations at its headquarters in Arizona, as well as its data centers in Iowa, Minnesota and Wisconsin.
The ISO process includes a Plan-Do-Check-Act cycle for continuous quality improvement.
“Plan” includes a review of policies and procedures; it looks at how and what is done to secure the environment and comply with the ISO 27001 standard.
“Do” looks at implementation of policies and procedures.
“Check” reviews internal audits, measures process performance, and reviews the effectiveness of the ISMS.
“Act” is the action phase and includes making refinements and taking corrective actions based on the output of the check phase.
“Earning ISO 27001 certification is an ongoing process,” Harder added. “It ensures that OneNeck’s information security measures continue to be strong and effective. For our customers, it means we are ‘audit-ready,’ which is critical to our customers with heavy compliance requirements. In fact, by achieving this certification, it helps streamline the due diligence process many of our customers must go through on an annual basis.”
OneNeck also regularly submits itself to third-party audits, including a Type 2 SSAE 16 (SOC 1) examination, PCI DSS and HIPAA/HITECH AT 101; some of the control activities defined by OneNeck management for these audits align with ISO 27001.