Our UK (two facilities) and Hong Kong (one) data centres are certified to the international standard for information security, ISO 27001.
This standard provides a framework for managing a business’ security responsibilities and provides external assurance for customers as to the scope and scale of our secure environment via our Business Security Management System.
Since 2009 our system has provided the foundation for an integrated and sustainable security model working in tandem with our other security controls such as PCI-DSS. It is subject to on-going external assessment by our certification body, Certification Europe, with a full re-assessment every three years.
A copy of our certification can be viewed here: ISO 27001 certificate
Fanatical Support™ underpins who we are. To help formally recognise this, our UK Enterprise and support functions are certified to the internationally recognised standard ISO 9001.
This provides evidence of our commitment to the end-to-end delivery of customer service: from your very first contact with Rackspace right through to the completion of service requests – and everything in between! ISO 9001 also aligns neatly with our Fanatical Support Promise ensuring the quality principles of ISO 9001 are actively embraced in our day-to-day Fanatical Support to customers.
A copy of our certification can be viewed here: ISO 9001 certificate
SOC2 Reporting
Rackspace utilises this globally recognised standard for reporting on service organisation controls to demonstrate that selected Rackspace processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing company (service auditor) for our managed hosting customers, cloud servers & cloud files customers and all our data centres. The examination includes controls relating to security monitoring, change management, service delivery, support services, back-up, environmental controls, logical and physical access, providing a detailed description of our controls and the effectiveness of those controls.
Rackspace Hosting has completed an examination in conformity with the International Standard for Assurance Engagements (ISAE) No 3402 Type II Service Organization Control (SOC2) 1 for the period between 1st October 2011 and 30th September 2012. This is repeated on an annual basis for each reporting period. Rackspace recognises the needs of our global customers and has worked with the service auditor to have the report issued with a joint opinion (SOC2) that satisfies the requirements of both the ISAE 3402 and the SSAE 16 (created by AICPA (American Institute of Certified Public Accountants) for use in the US mirroring ISAE 3402). This report is available upon request to customers and prospects.
SOC3 Reporting
Due to the restricted distribution of the SOC2 report, Rackspace has obtained a SOC 3 report from our service auditors. The key difference between SOC 2 and SOC 3 reports is that the former contains a detailed description of the service auditor's tests and results of controls as well as the auditor's opinion on the description of the service organization's system. A SOC 3 report provides only the auditor's report on whether the system achieved the trust services criteria. There is no description of tests and results or opinion on the description of the system.
To view Rackspace's SOC 3 Report, please click on the SOC 3 logo and you will be redirected to the independently hosted report.
The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry Security Standards Council (PCI SSC).
The purpose of the standard is to reduce credit card fraud. This is achieved through increased controls around data and its exposure to compromise. The standard applies to all organizations which process, store, or transmit cardholder information. In June 2009, Rackspace was approved by Visa as a Compliant Level 1 Payment Card Industry (PCI) Service Provider and continues to be audited annually to ensure continued adherence to the requirements of the standard. For more information on PCI DSS please visit PCI Security Standards.
Rackspace Limited takes its environmental and workplace responsibilities seriously, from ensuring we provide a safe and healthy working environment for our Rackers through to our commitments to the wider world: legally and morally. Our joint policy attests to these commitments.
In support of this, our UK data centre and offices are certified to both the international environmental management standard, ISO 14001, which provides a framework for managing our environmental responsibilities, including energy and waste management, and BS OHS 18001 for our commitment to workplace wellbeing.
Both certifications are subject to on-going external assessment by our certification body, BSI (British Standards Institution), with a full re-assessment every three years.
Our ISO 14001 certificate number is EMS 581182, which you can view here, and our BS OHS 18001 is numbered OHS 587454, available here.