ISO 27001

ISO 27001 is an international standard that defines an Information Security Management System which, being auditable, is a test of an organisation’s controls. Information Security Management Systems (especially those based on recognised standards such as ISO 27001, COBIT, ITIL, etc.) are the foundation for sustainable security. The flexibility and proactive capability built into an ISO 27001 compliant ISMS allow an organisation to react to new challenges in an effective, formal manner. A full reassessment is required every 3 years, and surveillance audits which review a section of the ISMS are performed every 6 months. Customers may contact our auditors (Certification Europe) to verify the validity of the LON3 and LON1 data centre certification, which can also be viewed on the Certification Europe website by following the link below.

SAS 70 Type II

At Rackspace we take the assets and data you’ve entrusted us with as a serious responsibility. We have implemented many processes and safeguards designed to protect your most mission critical information. The SAS 70 Type II Certification is designed to give the peace of mind to know that our processes and procedures are held to a higher standard and that your data will remain secure throughout your partnership with Rackspace. We view a SAS 70 Type II examination as a necessity. A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the design and operating effectiveness of the service organization's controls. Rackspace has implemented SAS 70 Type II certifications across all its data centers. Rackspace is in the process of transitioning from the SAS70 standard to its international replacement, ISAE 3402.

PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry Security Standards Council (PCI SSC). The purpose of the standard is to reduce credit card fraud. This is achieved through increased controls around data and its exposure to compromise. The standard applies to all organizations which process, store, or transmit cardholder information. In June 2009, Rackspace was approved by Visa as a Compliant Level 1 Payment Card Industry (PCI) Service Provider.