Compliance and certification

Conformité et certifications

Compliance and certification

Customer trust is our top priority. Our pragmatic and efficient security is built on the technical expertise and professionalism of our teams, allowing our users to understand our approach while maintaining control.

The policies implemented must be transparent, and produce measurable results. They must also adapt to changing threats, and be similar between providers. To achieve this, we certify our solutions to the very highest security standards.

Icons/concept/todoList Created with Sketch.
Global security management

Independent auditors regularly monitor and evaluate the level of security, confidentiality and compliance of the solutions we offer. They then issue certificates and audit reports, attesting to the very high level of protection our services receive.

Icons/concept/Shield Created with Sketch.
Local/regional standards and regulations

We contractually commit to comply with the regulations that are in force in the territories where we operate. As we are headquartered in Europe, protecting data confidentiality is central to our business, in line with the GDPR.

Icons/concept/Geolocalisation/Geolocalisation Plan Created with Sketch.
Specific sectoral compliance

Some business sectors have specific regulatory factors and constraints. We are taking a specific compliance approach to meet these needs, particularly in areas such as healthcare, finance, industry and the public sector.

ISO27001
ISO 27001 / 27017 / 27018

ISO/IEC 27001:2013 Certification and ISMS relating to information security management systems for cloud services

Find out more
ISO27701
ISO 27701

ISO/IEC 27701:2019 Certification and PIMS relating to personal data processing security management

Find out more
RGPD
GDPR

Compliance with Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR)

SOC
SOC 1, 2, 3

AICPA certification SSAE 16/ISAE 3402 Type 2 for control over financial reporting

Find out more
CSA
CSA STAR

Cloud Security Alliance (CSA) Level 1: Best Practices Self Assessment

Cispe
CISPE

Founding member of Cloud Infrastructure Services Providers in Europe (CISPE) and signatory of its code of conduct

ANSSI
ANSSI SecNumCloud

French ANSSI certification for trusted cloud service providers

Find out more
G-Cloud UK
G-Cloud UK

G-Cloud Digital Marketplace for Public Sector Cloud Service Procurement in the UK

Find out more
HDS
HDS

Certification by the French Digital Health Agency (ANS) for hosting healthcare data

Find out more
Health data in EU
Healthcare data in Europe

Compliance for hosting healthcare data from French, British, Italian, German and Polish citizens

Conformité HIPAA et HITECH pour l'hébergement de données de santé aux États-Unis
HIPAA & HITECH

Compliance with the United States Health Insurance Portability and Accountability Act in our US datacentres.

Find out more
PCI-DSS
PCI DSS

Lever 1 Payment Card Industry Data Security Standard certification relating to payment data hosting

Find out more
EBA European Banking Authority
EBA

Compliance with the European Banking Authority (EBA) Outsourcing Guidelines for Financial Service Operators in Europe

PSEE
ACPR Outsourcing Guidelines (France)

Compliance for the provision of outsourced essential services from the French Prudential Supervision and Resolution Authority (ACPR)

Find out more
SWIPO_code_adherent
SWIPO

Signatory of the SWIPO IaaS Code of Conduct on cloud service portability

C5 - Cloud Computing Compliance Controls Catalogue
C5

Cloud Computing Compliance Criteria Catalogue

Find out more
Information systems security policy

Information Systems Security Policy

The Information Systems Security Policy (ISSP) provides the cybersecurity framework for OVHcloud. It sets out the concepts required to understand our approach, while establishing a link between the context of operations, and the methods used to ensure protection. The ISSP describes:

  • The context of OVHcloud operations, in order to understand our main security risks.

  • The commitments to OVHcloud stakeholders, as well as the principles for setting up and maintaining information systems in a secure state.

  • The variation of these principles within OVHcloud.
OVHcloud Security Policy
Need support or information?

You can request a free callback from an OVHcloud advisor.

Contact us

Our solutions for regulated industries

HDS_Photo-header | OVHcloud
Solutions for the healthcare sector
Find out more
services financiers
Our solutions for financial service operators
Find out more
Nos solutions de confiance pour le secteur public OVHcloud
Public Sector Data Hosting for Sovereignty
Find out more
Solutions pour les données sensibles industrielles OVHcloud
Solutions for industrial sensitive data
Find out more

Additional services

Certifications and reports

Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications, under certain conditions.

On-site audits

We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Contact our sales department to access this type of service