ISO/IEC 27001, 27017 and 27018 certifications and reports
The ISO 27000 family of information security management standards is a series of complementary information security standards. These can be combined to provide a globally recognised framework for IT security management in accordance with best practices. By implementing these standards, organisations of any kind can manage the security of their assets such as financial data, intellectual property, employee contact information or data entrusted to them by third parties. OVHcloud received its first ISO 27001 certifications in 2013 for its cloud solutions.
ISO/IEC 27001:2013 is an internationally recognised standard for the establishment and certification of an Information Security Management System (ISMS). OVHcloud has received this certification for its cloud services. Obtaining this certification means that OVHcloud has implemented a holistic security programme related to its information security control and system management activities.
This code of practice is designed to serve as a reference for organisations when they select information security controls for cloud services. It is based on the implementation of an ISO/IEC 27001 framework in a cloud computing context. It can also be used by cloud service providers as a guidance document for their customers to implement protection controls.
Confidentiality is a key concern in a cloud computing environment. ISO/IEC 27018:2019 takes into account the regulatory requirements for the protection of identifiable personal information (IPI) that may be applicable in the context of risk assessment. It sets out guidelines related to a cloud service provider’s information security.
Perimeters and certificates
ISO/IEC 27001, ISO/IEC 27017 and ISO/IEC 27018 certifications are available for OVHcloud services hosted in all our datacentres, except those in the US, which have a specific scope (please visit the OVHcloud Inc. website for services operated by the United States).
The ISO/IEC 27001 certification that OVHcloud holds is available on the website of the certification body “Laboratoire National de Métrologie et d’Essais” (French National Laboratory of Metrology and Testing):
Certifications and reports
Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications under certain conditions.
We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Please contact our sales department to access this type of service.