Iron Mountain (UK) PLC

Iron Mountain InSight

The Iron Mountain InSight information system is a software-as-a- service (SaaS) that provides customers with Content Management and Intelligent Document Processing (IDP).

Features

• Asset Ingestion (Digital/Physical): documents, images, data feeds, metadata
• Data Transformation: document splitting, image enhancement, redaction prior to processing.
• Data Enrichment: classification and metadata extraction using AI technologies.
• Data Validation: including data extracted by AI models
• Data Storage: store documents and associated data accessible by APIs.
• Business Workflow: integrate with business processes and customer systems
• Information Governance: manage retention schedules and to provide compliance reporting
• Content Management: search, view, edit and share documents
• Data Destruction: request documents destruction following applied retention schedules
• Asset Monitoring: track and provide audit history for assets end-to-end.

Benefits

• Improve Customer Experience: make information accessible and driving useful experiences
• Drive Efficiency: automate manual processes, enrich information for quick location
• Enable Audit Ready Compliance: document enrichment (extraction and classification)
• Content Management: search, view, edit and share documents

£2,400 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidManagementWE@ironmountain.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

237301648697476

Contact

Dee-Ann Guy
08445 60 70 80
BidManagementWE@ironmountain.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Cloud based SaaS runs in cloud hyperscalers - AWS, Google, Azure (not on-prem)
• System requirements:
  • Requires subscription for access to system
  • Hosted as a cloud based SaaS by Iron Mountain

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30 minutes for critical issues 24/7; ; General questions 5 days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Level 1 Support - Included; Level 2 Support - Included; Level 3 Support - Included ; ; Technical Account Manager available for new accounts / enterprise subscription
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Professional Services training and documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: APIs extract data into common formats - JSON, XML, CSV
• End-of-contract process: At the end of the contract the customer provides a timeline for the engagement to end.; ; Professional Services and our Support team engage to export the data and provide to the customer.; ; Customer instance with data is decommissioned and deleted.; ; Fees vary by subscription and engagement statement of work.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Non-applicable
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Web-based user interface and REST APIs for ingesting, exporting and managing data / documents
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Yearly accessibility report available upon request
• API: Yes
• What users can and can't do using the API: Customers can integrate with REST Web Services using oAuth for Authentication and Authorization.; ; APIs include ability to upload, edt, search and delete documents and metadata as well as create, edit and delete users
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customize:; 1) Dashboards; 2) Single Sign On ; 3) Metadata Fields and Document Types; 4) Business Workflows

Scaling

• Independence of resources: Scaling by customer in a dedicated set of container images

Analytics

• Service usage metrics: Yes
• Metrics types: Number of documents; Documents by type; Documents by status; Number of users; Number of documents by task
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: APIs extract data into common formats - JSON, XML, CSV
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% availability - refunds available per contract agreement if levels are not met
• Approach to resilience: Multiple (three) zones within region with redundant failover
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: SAML 2.0 with integration to customer's identity provider
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Coalfire Inc
• ISO/IEC 27001 accreditation date: 22/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • US FedRAMP - NIST 800-53
  • SOC2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Global Security and Compliance Team run by Chief Risk Officer and Chief Information Security Officer (CISO) reporting to the Chief Executive Officer (CEO); ; Global Security and Compliance monitors the information security across the systems.; ; Iron Mountain has numerous security policies available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are tracked in a central change management system with an approval process run by our change review board. Changes are reviewed for completeness and evaluated for risk as well as rollback, testing and user impact / communication.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Patching and Vulnerability management, anti-malware, endpoint disk encryption and intrusion prevention are managed via our IT asset and endpoint management solutions. ; ; Workstations and servers are mitigated in a scheduled maintenance window following change management procedures with proper customer and end-user notification. ; ; For cloud-based systems, automated agents continuously scan the environment finding any security vulnerabilities such as out-dated OS versions, app servers or misconfigured security policies. ; ; Alerts are sent to our 24x7 Virtual Security Operations (vSOC) team. ; ; Systems are patched following remediation times of: Critical (same week or sooner), High (within 2 weeks), Medium (within 90 days), Low (within 120 days).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: InSight systems are continuously monitored for security and use. All actions taken by personnel on production systems are logged and scanned for threats, including an Security Information Event Management (SIEM system) for threat analytics, which is regularly monitored by and alerted to Security personnel. ; ; Audit logs are maintained for a minimum of 90 days online plus 365 days in offline storage.
• Incident management type: Supplier-defined controls
• Incident management approach: Our Cyber Incident Response Team (CIRT) monitors alerts 24x7 365 with an established incident response plan. Our CIRT team works to notify customers and to resolve any security incidents working together with their security teams.; ; Reports are sent per customer contract.; ; Users report incidents to the cyber incident response team.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Iron Mountain actively seeks opportunities to improve our environmental performance, and reduce our carbon footprint and support our customers with their environmental objectives. ; ; We are currently on track to achieve Net Zero emissions by 2040, 10 years ahead of the Paris Climate Accord. We will go beyond our current Science-Based Target (25% reduction of absolute GHG emissions from 2016 baseline) and by 2025 will achieve a reduction of 25% of GHG emissions from Scope 1 & 2 energy sources from the 2019 baseline.; Some of the steps and results we have achieved against Carbon Net Zero targets to date include:-; UK operations were among our first to be certified to ISO 14001 for environmental management over 12 years ago. (Environmental Management Standard) and recertified all Data Centre facilities under ISO 50001 (Energy Management).; As part of our EV100 commitment, we will transition 10% of our total fleet (100% of our cars and 50% of our vans) to electric by 2025 and expect to exceed 2,000 vehicles by 2030. ; Currently, in the UK, 98% of our energy use at all sites is green power purchased. We are working to reduce the final 2%.; We have upgraded over 56,000 lights to LED across 32 sites in just the past five years in the UK.; We have completed 9 on-site solar systems in the UK for a total 1.65 MW of generation capacity.; In 2021, we implemented an irrigation control program at 41 of our facilities that will save an estimated 17.7 million gallons of water per year.; ; We will work with G-Cloud customers to develop specific and measurable additional social value commitments aligned to their priorities.

  Covid-19 recovery

  Iron Mountain recognises that Covid-19 has had a significant impact on many communities and businesses within the UK. We introduced a variety of measures to support our customers with flexible ways of working implemented at pace to support the changes in business activity that the pandemic has caused. We built a strong foundation to respond to the pandemic in 2020 when we established our Crisis Management Core Team and implemented COVID-19 protocols in line with the Centers for Disease Control (CDC) and the World Health Organization (WHO). Our initial efforts combined monitoring key metrics, adjusting workplace practices, providing personal protective equipment to ensure optimal working conditions for on-site employees, and supporting our employee’s physical and mental health. ; ; To support our customers in their critical work, we have developed new ways of delivering services, many of which have become standard practices. One example includes replacing physical file retrievals with our digital platform (InsightⓇ Content Services Platform) and service enabling remote working across critical records. This was delivered in a fast tracked implementation of 14 days. For some customers this has now become the default method for all retrieval activity post pandemic, supporting service levels, delivering on commercial and environmental objectives.; We will work with G-Cloud customers to develop specific and measurable additional social value commitments aligned to their priorities.

  Tackling economic inequality

  Iron Mountain (IM) cultivates a culture of inclusion that values diverse perspectives across our global workforce. Our Inclusion & Diversity strategy includes four areas of focus that each have several activities and approach: ; Build a more inclusive culture ; Increase workforce diversity at all levels ; Establish a global mindset ; Embed accountability. ; ; IM has demonstrable experience of tackling workforce inequality. As part of our annual CSR measurements we actively measure a variety of diversity goals, including gender within leadership positions. We received a 90 percent score on the Disability Equality Index® (DEI) and are a DEI Best Place to Work for Disability Inclusion. In addition, in 2022 for the fifth year in a row, we scored 100% on Human Rights Campaign’s Corporate Equality Index for LGBTQ Workplace Equality. ; We also focus our efforts on supporting staff training to increase staff progression. In 2021, we expanded our Global Management Development Program (MDP), a comprehensive learning framework developed in 2020 in partnership with LinkedIn Learning, an online educational platform. After an initial pilot group, in 2021 the MDP included 131 managers from around the world. We have seen MDP alumni grow in their roles as managers with more than 20% receiving a promotion or role expansion in 2021. ; ; We will work with G-Cloud customers to develop specific and measurable additional social value commitments aligned to their priorities.

  Equal opportunity

  Iron Mountain has a long and demonstrable experience of supporting employment and development opportunities in the communities in which we operate. This is one of our key principles and objectives and one that we also flow down contractually, develop and manage via our subcontractors. One of our key factors in selecting subcontractors is their track record and proven ability in creating and developing employment and skills training. Iron Mountain is committed to building an inclusive working environment and monitoring diversity within our workforce. One example includes measurements around gender pay parity. 2023 will see the launch of a new multi-faceted Women in Leadership initiative for our female Director+ population. Our goals are: ● We will relentlessly strive to be a world-class employer in every region in which we operate ● By 2025 we will tighten our threshold for gender pay parity from +/-10% to achieve +/- 5% across all organisational levels in all countries where we are reporting (US, Canada, UK) ● By 2025, women will represent 40% of global leadership.We will work with G-Cloud customers to develop specific and measurable additional social value commitments aligned to their priorities. As part of our annual CSR measurements we actively measure a variety of diversity goals, including gender within leadership positions. We received a 90 percent score on the Disability Equality Index® (DEI) and are a DEI Best Place to Work for Disability Inclusion. In addition, we are a member of the Disability Confident Scheme.

  Wellbeing

  Iron Mountain strives to create a workplace where employees’ authentic selves are welcomed and valued. In 2021, we established a dedicated company-wide Culture and Engagement (C&E) team to foster a culture of recognition, continuous learning, wellbeing, innovation and belonging. ; ; All staff working with with G-Cloud customers will be able to access the following initiatives: ; -Employee Assistance Program (EAP) offers staff support with any work or personal issues. These include short-term professional counselling and connection to local resources to help with emotional, practical, and physical needs. The EAP service is free, confidential, and available in a variety of languages - 24 hours a day, 7 days a week. ; - Mental Health and Wellbeing Coaching sessions with external experts ; - Employee health monitoring through the partner/employee health service provider; - The Virgin Pulse app, launched in pandemic (health and wellbeing tips in a mobile app where all mountaineers have access to) ; - The best medical subscription packs ; - Partial gym membership paid by Iron Mountain; - Recreational activities designed to form bonds within our community ; - Wellbeing trainings - Training on the occasion of Mental Health day; ; - Team building activities; - 2 volunteer days offered by the company for community involvement;; - Ethic Line: Ask questions or make reports regarding our Code of Ethics and Business Conduct ; - Richard Reese Employee Relief Fund - Financial support for staff when they need it most. The fund was created after many employees were affected by Hurricane Katrina.It provides temporary financial assistance to our colleagues and their families impacted by a catastrophic event. ; - PsychHub - All our staff have access to PsychHub, the world’s largest mental health education platform which aims to create awareness of and increase literacy around mental health issues through videos, podcasts, shareable content and more.

Pricing

• Price: £2,400 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 30-day free trial is available, however, customer data cannot be used for this period.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at BidManagementWE@ironmountain.com. Tell them what format you need. It will help if you say what assistive technology you use.