iland Compliance

Compliance-first approach to application performance, protection, and recovery in the cloud
iland Compliance certifications and attestations

Designed with compliance in mind

At iland, we know that keeping your data safe is a challenge and that some businesses have more complex compliance requirements than others.

That’s why we built our platform with a compliance-first approach to data security and protection.

Whether you are running mission-critical applications in the cloud, or protecting them with backup or disaster recovery, all iland services include industry and geographic-specific certifications, a dedicated compliance team, and comprehensive reporting to ensure all your compliance requirements are met.

All iland services undergo regular, independent verification of security, privacy, and compliance controls, achieving certifications, attestations, and audit reports to demonstrate compliance.

Dedicated, in-house compliance team ready to assist

All iland Cloud services are supported by our in-house certified compliance team. This team is dedicated to ensuring iland’s systems meet regulatory requirements across the globe and adhere to industry best-practice standards.

Our compliance team can answer your due diligence questions before, during, and after your cloud deployment, and provide the documentation you need to conduct your third-party audits.

Comprehensive, on-demand compliance reporting

The iland Secure Cloud platform provides many of the control mechanisms and reporting needed to address compliance requirements. However, both configuring the environment according to your needs and sifting through the paperwork of an audit are best done hand-in-hand with an iland certified compliance professional. To meet those needs, iland has a wide range of compliance certifications and attestations that help evidence the compliance and security measures iland has in place to protect your data. The sections below describe each program, and you can always reach out to iland’s certified compliance team to answer any of your questions.

Compliance certifications and attestations

Australian Privacy Principles

Very similar to the need to adhere to the EU GDPR requirements, Australian law requires that personal data be managed and protected in accordance with the Australian Privacy Principles (APPs) noted within the Privacy Act 1988. iland maintains strict adherence to data sovereignty and privacy requirements for all Australian operations.

Autoriteit Persoonsgegevens

With EU presence and operations within Amsterdam, personal data protection is also overseen by the Autoriteit Persoonsgegevens, based in the Netherlands. Responsible for personal data requirements general to the EU and specific to the Netherlands, Autoriteit Persoonsgegevens strictly enforces conformity not just to general data protection regulations but also to country-specific controls and personal rights. iland is committed to ensuring conformity to Dutch privacy and data sovereignty laws and maintains strict adherence.

CCPA

Under the California Consumer Privacy Act (CCPA), California consumers may be entitled to certain notices and disclosures regarding the collection and use of their Personal Information. This statement is intended to provide the Notice at Collection required under the CCPA.

We may collect Personal Information from you and use it for specified purposes. For a list of Categories of Personal Information that we collect and the Purposes for which we use such Personal Information, see the iland privacy policy.

While we do not sell Personal Information for monetary value, we may disclose Personal Information to third parties, such as our dealers, in such a way that may be considered a sale of Personal Information under CCPA. To stop such sales, please contact iland at [email protected]

For our general privacy policy, see the privacy policy.

CJIS

A joint program of the FBI, State Identification Bureaus, and CJIS Systems Agency, the Criminal Justice Information Services (CJIS) Security Policy outlines the security precautions that must be taken to protect sensitive law enforcement information. The CJIS Security Policy contains specific requirements for wireless networking, remote access, encryption, certification of cryptographic modules, and minimum key lengths. In conjunction with NIST 800-53 and FIPS 140-2 architecture, iland ensures strict adherence to data controls and data access requirements.

CSA STAR

The Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards such as ISO 27001 and SSAE 18 SOC 2. The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. The CSA STAR is a publicly accessible registry that allows cloud customers to assess an organization’s security practices to make the best procurement decisions. iland participates in the voluntary CSA STAR self-assessment to document iland’s compliance with CSA-published best practices. Additionally, iland aligns to CSA STAR’s attestation and certification based on iland’s ISO 27001 and SSAE 18 SOC 2 third-party audit programs.

Cyber Essentials

Cyber Essentials is a UK government framework of security controls that protects information from internet-facing threats and breaches. It includes reviews of organizational firewalls, data services, virus and threat management systems, and patching practices. iland participates in the voluntary Cyber Essentials self-assessment annually to document iland’s compliance with the National Cyber Security Centre’s best practices. Additionally, iland aligns to Cyber Essentials attestation and certification based on iland’s ISO 27001 and ISO 27701 third-party audit programs.

G-Cloud

The G-Cloud framework is an agreement between the UK government and suppliers who provide cloud-based services, orchestrated through the Crown Commercial Service (CCS). Through the G-Cloud framework, suppliers can provide public sector buyers with cloud-based services. iland is a supplier on the current G-Cloud framework for all of iland’s award-winning products.

GDPR

The General Data Protection Regulation (GDPR) is a data privacy and security regulation passed by the European Union (EU) in May 2018. The GDPR intends to strengthen and unify data protection for all individuals within the EU and address the export of personal data outside of the EU and United Kingdom (UK). iland complies with the GDPR by maintaining GDPR Policies and having a Data Protection Officer (DPO) for oversight and to ensure compliance with regulatory requirements. Additionally, iland maintains an ISO 27701 certification to test iland’s Privacy Information Management System (PIMS) as a Processor of personal data. Customers may request a copy of iland’s ISO 27701 certificate to review iland’s commitment to GDPR compliance and data processor activities.

Legal

As a Processor, iland has Data Processing Agreements (DPA) with Standard Contractual Clauses (SCCs) available for execution with Controllers upon request via iland’s legal team. Additionally, iland has a Data Protection Officer (DPO) to manage iland’s relationship with EU and UK Data Protection Authorities, handle Data Subject requests, and manage breach notification processes.

iland Data Protection Officer (DPO) Contact Information:

Office of the Data Protection Officer
ATTN: iland GDPR
Office of the DPO:
GRCI Law Limited
Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely CB7 4EA, United Kingdom

Please review iland's Privacy Notice for the most up-to-date contact information regarding iland's DPO Office.

HITRUST Compliance

The Health Information Trust Alliance (HITRUST) maintains the Common Security Framework (CSF) that harmonizes several compliance frameworks including HIPAA, GDPR, PCI, ISO, and NIST. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops and maintains its widely adopted common risk and compliance management frameworks and related assessment and assurance methodologies. Annually, iland conducts the HITRUST CSF self-assessment to document iland’s compliance with HITRUST-published best practices. Additionally, iland aligns to HITRUST’s attestation and certification based on iland’s ISO 27001 and SSAE 18 SOC 2 third-party audit programs.

UK ICO

The Information Commissioner’s Office (ICO) maintains the privacy rights and protections for entities operating within the United Kingdom (UK). The ICO requires that organizations operating within the UK conform to privacy and data protection regulations and that personal data is correctly handled. iland maintains full registration, and public-facing privacy statements and documentation pertaining to UK-specific data controls are available to all iland customers.

ISO 9001

The ISO 9000 family of quality management systems (QMS) standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service. Quality and quality management are intrinsic to iland’s operations and business practices, and we are proud to be ISO 9001 certified for iland’s products and services. Customers may request a copy of iland’s ISO 27701 certificate to review iland’s commitment to GDPR compliance and data processor activities.

ISO 27001

The international standard for information security and risk management, the ISO 27001 certification ensures that the organization you are working with adheres to best practices for data protection as well as extensive risk management evaluations. iland maintains ISO 27001 certifications for its data centers as well as full corporate review and certification of its operations. We are very proud of our results and customers may request a copy of iland’s ISO 27001 certificate to review iland’s commitment to information security and risk management.

ISO 27701

The international standard for security techniques and privacy information management systems (PIMS), ISO 27701 is an extension of ISO 27001. ISO 27701 ensures that an organization you are working with adheres to the General Data Protection Regulation (GDPR) as a Controller and/or a Processor of personal data. iland maintains an ISO 27701 certification for iland’s activities as a Processor of personal data for our customers. We are very proud of our results and customers may request a copy of iland’s ISO 27701 certificate to review iland’s commitment to GDPR compliance and data processor activities.

ITAR

ITIL

ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business. ITIL requires extensive documentation, certified staff, and alignment within organizations to achieve successful outcomes. iland maintains ITIL-certified staff to ensure proper IT service alignment and optimization, and operates under the most recent version, ITIL v2011.

Model Contract Clause Offering

To ensure EU data protection and remain compliant with data sovereignty requirements, iland provides its customers with Model Contract Clauses for the contractual movement of data for both Controller and Processor entities, ensuring that the movement of data conforms to EU regulations and requirements.

NIST 800-53

NIST Special Publication 800-53 provides a catalog of security controls for all U.S. federal information systems except those related to national security. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA). NIST 800-53 is the foundation of nearly all security requirements within the IT space. Alignment to NIST 800-53 is performed within iland at all levels, from the requirements to use FIPS standards through the physical access requirements for data center access. Customers are encouraged to review our policies and processes to evaluate our alignments and help ensure alignment to their requirements.

NIST 800-171

NIST Special Publication 800-171 provides recommended security requirements organizations should put in place to protect the confidentiality of Controlled Unclassified Information (CUI) that is processed, stored, or transmitted in non-federal systems in the United States. NIST develops and issues standards, guidelines, and other publications to help federal agencies and organizations that process, store, or transmit CUI better protect their data. iland's systems have been built with compliance & security in mind. As such, iland can support customers that need to adhere to the recommended security guidelines detailed in NIST 800-171. Customers are encouraged to review our policies and processes to evaluate our alignment to the publication and ensure that we can support their unique compliance requirements.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. Validation of compliance is performed annually for iland data centers as well as operations and business functions, and a Self-Assessment Questionnaire (SAQ) is available for customers.

PIPEDA

For customers operating in Canada, iland maintains and adheres to the privacy requirements defined within the Personal Information Protection and Electronic Documents Act (PIPEDA) for iland’s Canadian customers. PIPEDA governs how organizations collect, use, and disclose personal information in the course of conducting business. iland has a robust Privacy Information Management System (PIMS) that helps our teams properly secure customer data stored within iland’s cloud environment. Please reach out to our compliance team to learn more about iland’s privacy program and how we protect customer data.

Singapore Personal Data Protection Act

For customers operating within Singapore, iland maintains and adheres to all privacy requirements outlined under the Personal Data Protection Act (PDPA) of 2012 for citizens and legal operations within the Singapore region. Protection of individuals’ rights is paramount to proper data sovereignty!

SOC 2 & SOC 3

The Statements on Standards for Attestation Engagements, also known as SSAE 18, develops the Trust Service Principles against which organizations can test and report on the design and operating effectiveness of a service organization’s controls. System and Organization Controls (SOC) test an organization’s security, availability, processing integrity, confidentiality, and privacy controls. iland maintains an SSAE 18 SOC 2 Type 2 report and a SOC 3 report for iland’s internal operations, as well as SOC 2 Type II reports for iland’s U.S. data center locations. These reports are available to customers upon request.

Have questions? Talk one-on-one with our compliance experts.