Compliance and certification

Conformité et certifications

Compliance and certification

Customer trust is our top priority. Our pragmatic and efficient security is built on the technical expertise and professionalism of our teams, allowing our users to understand our approach while maintaining control.

The policies implemented must be transparent, and produce measurable results. They must also adapt to changing threats, and be similar between providers. To achieve this, we certify our solutions to the very highest security standards.

Icons/concept/todoList Created with Sketch.
Global security management

Independent auditors regularly monitor and evaluate the level of security, confidentiality and compliance of the solutions we offer. They then issue certificates and audit reports, attesting to the very high level of protection our services receive.

Icons/concept/Shield Created with Sketch.
Local/regional standards and regulations

We contractually commit to comply with the regulations that are in force in the territories where we operate. As we are headquartered in Europe, protecting data confidentiality is central to our business, in line with the GDPR.

Icons/concept/Geolocalisation/Geolocalisation Plan Created with Sketch.
Specific sectoral compliance

Some business sectors have specific regulatory factors and constraints. We are taking a specific compliance approach to meet these needs, particularly in areas such as healthcare, finance, industry and the public sector.

ISO_IEC_27001
ISO 27001 / 27017 / 27018

ISO/IEC 27001:2013 Certification and ISMS relating to information security management systems for cloud services
ISO_IEC_27001
ISO 27701

ISO/IEC 27701:2019 Certification and PIMS relating to personal data processing security management
GDPR
GDPR

Compliance with Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR)

SOC_2
SOC 1, 2, 3

AICPA certification SSAE 16/ISAE 3402 Type 2 for control over financial reporting
CSA_Star
CSA STAR

Cloud Security Alliance (CSA) Level 1: Best Practices Self Assessment

CISPE
CISPE

Founding member of Cloud Infrastructure Services Providers in Europe (CISPE) and signatory of its code of conduct

ANSSI_SecNumCloud
ANSSI SecNumCloud

French ANSSI certification for trusted cloud service providers
G-cloud_UK
G-Cloud UK

G-Cloud Digital Marketplace for Public Sector Cloud Service Procurement in the UK
HDS_FR
HDS

Certification by the French Digital Health Agency (ANS) for hosting healthcare data
HealthData_EU
Healthcare data in Europe

Compliance for hosting healthcare data from French, British, Italian, German and Polish citizens

HIPAA
HIPAA & HITECH

Compliance with the United States Health Insurance Portability and Accountability Act in our US datacentres.
PCI_DSS
PCI DSS

Lever 1 Payment Card Industry Data Security Standard certification relating to payment data hosting
EBA
EBA

Compliance with the European Banking Authority (EBA) Outsourcing Guidelines for Financial Service Operators in Europe

ACPR_FR
ACPR Outsourcing Guidelines (France)

Compliance for the provision of outsourced essential services from the French Prudential Supervision and Resolution Authority (ACPR)
SWIPO
SWIPO

Signatory of the SWIPO IaaS Code of Conduct on cloud service portability

BSI_C5
C5

Cloud Computing Compliance Criteria Catalogue
AGiD
AgID

Certification for the delivery of cloud services to the public sector in Italy

ENS certification
ENS

Compliance with the Esquema Nacional de Seguridad (ENS) high-level certification, which defines security standards for government agencies and public organisations in Spain.

Information systems security policy

Information Systems Security Policy

The Information Systems Security Policy (ISSP) provides the cybersecurity framework for OVHcloud. It sets out the concepts required to understand our approach, while establishing a link between the context of operations, and the methods used to ensure protection. The ISSP describes:

  • The context of OVHcloud operations, in order to understand our main security risks.

  • The commitments to OVHcloud stakeholders, as well as the principles for setting up and maintaining information systems in a secure state.

  • The variation of these principles within OVHcloud.
OVHcloud Security Policy
Need support or information?

You can request a free callback from an OVHcloud advisor

Contact us

Our solutions for regulated industries

HDS_Photo-header | OVHcloud
Solutions for the healthcare sector
services financiers
Our solutions for financial service operators
Nos solutions de confiance pour le secteur public OVHcloud
Public Sector Data Hosting for Sovereignty
Solutions pour les données sensibles industrielles OVHcloud
Solutions for industrial sensitive data

Additional services

Certifications and reports

Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications, under certain conditions.

On-site audits

We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Contact our sales department to access this type of service