IaaS Hosting Company 3W Infra achieves certification for compliance with ISO 27001 and PCI-DSS standards
3W Infra, an Infrastructure-as-a-Service (IaaS) hosting provider from Amsterdam with global operations and more than 4,000 dedicated servers under management, has attained the ISO/IEC 27001:2013 certification for Information Security Management together with Payment Card Industry Data Security Standard (PCI DSS) compliance.
Validated by independent third-party IT audit company Noordbeek B.V., these certifications would help 3W Infra ensure that they have enterprise-grade controls in place to protect customer information and payment data while safeguarding business continuity.
IT audit company Noordbeek B.V. has checked and validated a variety of processes as well as management and operating controls within 3W Infra’s organisation to be able to grant 3W Infra the two ‘enterprise-grade’ security certifications.
To ensure that customers’ information is secure with 3W Infra, Noordbeek has validated things like 3W Infra’s business continuity, the documentation of organisational processes, separation of duties, managing (strategic) suppliers, IT system management, human resources policies and procedures, physical security measures in the offices and data center environment, handling and embedding of organisational knowledge, security incident reporting, and more.
3W Infra has received the ISO/IEC 27001:2013 and PCI-DSS certifications from Noordbeek IT Audit, Compliance & Advisory now and is able to send the third-party attestations to customers on their request.
“We see quite some service providers in the worldwide hosting industry eager to serve enterprises and other customers with high demands and mission-critical operations, but we don’t see many of them achieving accreditations like ISO/IEC 27001:2013 and PCI-DSS, especially not the relatively smaller hosting providers,” said Roy Premchand, managing director of 3W Infra.
“We know it’s not cheap to have these ISO/IEC 27001 and PCI-DSS quality guarantees embedded in your organisation, but we think it’s a good step towards GDPR compliance and a big plus for our mission-critical customers who already entrust their IT infrastructure to 3W Infra – among them international companies within gaming as well as cloud services providers with global operations.”
“Besides that, we expect these enterprise level accreditations to bring great value on a global level while attracting new types of customers from around the world within for example healthcare, finance, and government.”
SSAE 16 Certification
On top of the ISO/IEC 27001:2013 and PCI-DSS certifications achieved, 3W Infra is targeting expansion of accreditations embedded in the organisation with an SSAE 16 certification in the future. While PCI-DSS is focused specifically on the data security of credit card information stored in a facility, SSAE 16 is more generally focused on the services operating environment and the internal controls of 3W Infra as a service provider.
“Although we’re a pure-play IaaS hosting provider, not a data provider, we do deliver managed engineering services through our Remote Hands solution to data services providers who store and process financial information,” added Mr. Premchand.
“Our Data Center Neutral Remote Hands Service on the world’s main Internet hubs in Frankfurt, Amsterdam and London, thus may require us to go for this SSAE 16 accreditation as well. Especially because the clients for this Remote Hands engineering service come from all over the world. Most of them are not in the position to drop by in the data center to check data processes and handling themselves. The 3W Infra engineering teams are an extension of their own organisation so to say, and SSAE 16 would provide them an end-to-end data security guarantee.”