Data centres play a crucial role in supporting the cloud infrastructure of various industries, particularly in healthcare or private companies looking to deploy infrastructure into the health sector.

However, it is essential to partner with cloud infrastructure providers that possess the necessary accreditations expected by the data custodians and NHS organisations to ensure the security and reliability of their data centres. ARO has attained all the required certification to process and store patient identifiable data and provide assistance and expertise when completing data processing agreements and grant applications.

ARO’s impressive range of accreditations also reflect our dedication to delivering secure, reliable, and compliant data centre services. With certifications such as ISO 27001, G-Cloud supplier, Cyber Essentials Plus, and more, ARO has positioned itself as a trusted provider in the industry.

ISO 27001 Information Security Management System (ISMS)

The ISO 27001 certification sets out the criteria for establishing, implementing, maintaining, and continually improving an organisation’s ISMS.

All of ARO’s business systems, technologies, processes and data centres have been carefully examined to ensure they are compliant to the highest security and management standards. And with this certification, ARO demonstrates our commitment to protecting valuable information assets and mitigating the risk of unauthorised access, disclosure, alteration, or destruction.

ISO 27018 Information Security Controls for Cloud Services

The ISO 27018 standard focuses on information security controls for cloud services and ensures that personal data stored in the cloud is protected and managed in accordance with stringent privacy requirements.

Following this code of practice, ARO guarantees that our clients’ sensitive information is treated with the highest degree of privacy and confidentiality, ensuring compliance with global regulations such as the General Data Protection Regulation (GDPR).

ISO 27017 Protection of Personally Identifiable Information (PII) in Public Clouds

ARO recognises the critical importance of safeguarding sensitive data in cloud environments. In line with its commitment to excellence, ARO follows the ISO 27017 code of practice. This specific standard is designed to address the unique security challenges associated with PII in public cloud infrastructures, offering a comprehensive set of guidelines and best practices to mitigate risks effectively.

By implementing a robust security posture that encompasses encryption, access controls, and regular risk assessments, ARO ensures the confidentiality, integrity, and availability of our clients’ PII.

ISO 9001 Quality Managment Systems (QMS)

Achieving the ISO 9001 certification ensures that ARO has implemented a robust quality management system in their data centre operations.

To receive this certification, organisations must meet a stringent criteria, encompassing various aspects such as operational efficiency, risk management, and customer satisfaction. And by holding the 9001 ISO certification, ARO demonstrates our dedication to delivering high-quality data centre services that meet or exceed industry benchmarks.

G-Cloud Supplier

The G-Cloud framework is designed to provide a simple and efficient way for government agencies and entities to access a wide range of cloud services.

Through the G-Cloud Framework Agreement, ARO has been providing compliant Cloud Services to clients since 2012. Plus, as a G-Cloud supplier, ARO is qualified to deliver cloud services to public sector organisations in the UK. By partnering with ARO, public sector organisations can leverage our extensive experience in delivering secure and reliable cloud infrastructure solutions while also meeting stringent government requirements.

IG Toolkit to Data Security & Protection Toolkit

Each year ARO completes the Department of Health’s Data Security and Protection (DSP) Toolkit to meet the NHS criteria for information security and governance. This involves company-wide IT government training annually, similar to NHS staff. Since 2019/2020, ARO’s submission has been reviewed and classed within the top 2% as meeting the NHS criteria for information security and governance to “standards exceeding”.

Having this toolkit ensures customer data is handled with the highest level of care and meets the requirements set by UK health bodies and regulators.

Cyber Essentials Plus

ARO has been independently assessed and verified by a government approved external body that it meets the Cyber Essentials implementation profile [BIS/14/696] and at the time of testing ARO’s ICT defences were evaluated and found effective against commodity based cyber-attacks.

This certification confirms that ARO has implemented essential cybersecurity measures and safeguards to protect against common cyber threats.

Data Centre Alliance Class 3 Facility

The DCA Class certification system provides an independent assessment of critical infrastructure facilities to ensure they have the appropriate physical and operational controls in place.

ARO successfully passed a rigorous data centre audit carried out by the industry body in conjunction with a member of its approved expert firms, Certios. Additionally, ARO achieved the level 3 classification for its award-winning facility at Liverpool Innovation Park and was the first data centre in the European Union to be awarded the new Data Centre Alliance (DCA) certification.

Health and Social Care Network (HSCN)

ARO meets the requirements set by the Health and Social Care Network (HSCN) in the UK to handle and store sensitive healthcare data securely. This showcases ARO’s ability to provide reliable and compliant data centre services specifically tailored to the unique needs of healthcare organisations and solidifies ARO’s position as a trusted partner for healthcare providers, ensuring their data remains protected and accessible when it matters most.

European Code of Conduct (EUCOC)

In response to increasing energy consumption in data centres and the need to reduce the related environmental, economic and energy supply security impacts, the European Code of Conduct has been created to improve energy efficiency in data centre operations while maintaining high standards of performance and reliability.

ARO has successfully gone through the EU Cloud CoC assessment, serving as proof of compliance towards supervisory authority and cloud users within the EU. Following this code of conduct ensures that ARO’s management of our data centre is appropriate and the energy saving initiatives the company adopts meet the objectives of the European Union.

Our extensive range of data centre services accreditations sets us apart from other data centre services. By obtaining these accreditations, we demonstrate our commitment to meeting and exceeding industry standards, ensuring that customers’ data is handled with the utmost care and protection. If you’re an organisations looking for secure and reliable data centre services, you can trust us to support your infrastructure needs while meeting industry-specific regulations and guidelines. Get in touch with our data centre services team to find out more.