Two audits, one operating year. Between August and November 2025, Data Facilities closed its three-year renewal cycle for ISO 9001:2015 and ISO 27001:2022 and completed a full SOC 2 Type II attestation period. The result is a current, externally-attested compliance posture that customers and prospective tenants can request under NDA today.
What renewed in August: ISO 9001 and ISO 27001
The three-year renewal audits for ISO 9001:2015 (Quality Management System) and ISO 27001:2022 (Information Security Management System) were conducted on-site at THG1 in August 2025. Both certificates were re-issued without major non-conformities. The 27001 renewal moved us off the legacy 2013 control catalogue and onto the 2022 Annex A — the practical impact is a wider documented control surface around incident response, threat intelligence, and information transfer, which lines up cleanly with how the facility was already operating.
What completed in November: SOC 2 Type II
SOC 2 Type II differs from Type I in one important way: Type I attests that the controls are designed correctly at a point in time; Type II attests that the controls operated effectively over a defined audit window. Our Type II audit window closed in November 2025 with the attestation report issued shortly after. The scope covers the Security trust services criterion across the colocation environment at THG1, including physical access, environmental controls, change management, and incident response.
What this means in practice
For tenants and prospects evaluating the facility:
- Procurement teams — the SOC 2 Type II report and current ISO 9001 / ISO 27001 certificates are available under standard NDA. Request it via the contact form — we route to the right team and turn around the NDA same-day in most cases.
- Internal audit and risk teams — the controls catalogue and the bridge letter approach are documented; we can support point-in-time gap analyses against your own framework requirements.
- Regulated workloads — for healthcare and adjacent workloads, our controls also map to NEN 7510 alignment. Same audit baseline, mapped to a different framework.
Why we are publishing this
Compliance documentation is often treated as a closing-stage artefact. We prefer to put it on the table earlier. A tenant deciding where to place a regulated workload should not need to wait for a contract review to find out which standards the facility holds and which audit period the most recent attestation covers. Those facts belong in the first conversation, not the last.
For the current certificate registration numbers, audit windows, and the named auditor for each engagement, request the under-NDA package via the contact page.
