Iron Mountain InSight® DXP, our intelligent content platform, delivers measurable operational impact whether you use it to power your core business functions or deploy our ready-made industry solutions. Central to this operational value is our commitment to trust; InSight DXP is backed by a comprehensive security and compliance program specifically engineered to align with stringent industry standards and data privacy regulations.
Compliance attestations
- ISO-27001 - InSight has been continuously certified since 2020. This is an international standard that helps organizations manage the security of their information assets. It provides a management framework for implementing an information security management system (ISMS) to maintain the confidentiality, integrity, and availability of all data.
- SOC2 Type 2 - Iron Mountain has maintained a SOC2 Type 2 attestation for InSight since 2020. SOC2 Type 2 Report is a service organization control (SOC) audit on how a cloud-based service provider handles sensitive information.
Industry compliance
- InSight DXP is 21 CFR Part 11 capable.
- StateRAMP - Ready status received in January 2024.
- FedRAMP (NIST 800-53/37) - Third-party testing performed against the NIST 800-53 Revision 4 controls, as well as additional FedRAMP requirements. InSight has received FedRAMP Authorizations to Operate (ATO) as well as FedRAMP Ready status.
Data privacy
- General Data Protection Regulation (GDPR) - InSight has undergone a GDPR assessment and a copy of the report is available upon request.
- Health Insurance Portability and Accountability Act (HIPAA) - InSight is HIPAA-compliant and has implemented privacy and security measures to protect the privacy and security of personally identifiable information (PII).
- ISO 27701 - InSight DXP has been continuously certified since 2024. This is an international standard which provides a framework for establishing and managing privacy information management systems (PIMS).



