Compliance and certification
Customer trust is our top priority. Our pragmatic and efficient security is built on the technical expertise and professionalism of our teams, allowing our users to understand our approach while maintaining control.
The policies implemented must be transparent, and produce measurable results. They must also adapt to changing threats, and be similar between providers. To achieve this, we certify our solutions to the very highest security standards.
Independent auditors regularly monitor and evaluate the level of security, confidentiality and compliance of the solutions we offer. They then issue certificates and audit reports, attesting to the very high level of protection our services receive.
We contractually commit to comply with the regulations that are in force in the territories where we operate. As we are headquartered in Europe, protecting data confidentiality is central to our business, in line with the GDPR.
Some business sectors have specific regulatory factors and constraints. We are taking a specific compliance approach to meet these needs, particularly in areas such as healthcare, finance, industry and the public sector.
ISO/IEC 27001:2013 Certification and ISMS relating to information security management systems for cloud services
ISO/IEC 27701:2019 Certification and PIMS relating to personal data processing security management
Compliance with Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR)
Cloud Security Alliance (CSA) Level 1: Best Practices Self Assessment
Founding member of Cloud Infrastructure Services Providers in Europe (CISPE) and signatory of its code of conduct
Compliance for hosting healthcare data from French, British, Italian, German and Polish citizens
Compliance with the United States Health Insurance Portability and Accountability Act in our US datacentres.
Level 1 Payment Card Industry Data Security Standard certification relating to payment data hosting
Compliance with the European Banking Authority (EBA) Outsourcing Guidelines for Financial Service Operators in Europe
Compliance for the provision of outsourced essential services from the French Prudential Supervision and Resolution Authority (ACPR)
Signatory of the SWIPO IaaS Code of Conduct on cloud service portability
Certification for the delivery of cloud services to the public sector in Italy
Compliance with the Esquema Nacional de Seguridad (ENS) high-level certification, which defines security standards for government agencies and public organisations in Spain.
Information Systems Security Policy
The Information Systems Security Policy (ISSP) provides the cybersecurity framework for OVHcloud. It sets out the concepts required to understand our approach, while establishing a link between the context of operations, and the methods used to ensure protection. The ISSP describes:
- The context of OVHcloud operations, in order to understand our main security risks.
- The commitments to OVHcloud stakeholders, as well as the principles for setting up and maintaining information systems in a secure state.
- The variation of these principles within OVHcloud.
Our solutions for regulated industries
Certifications and reports
Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications, under certain conditions.
We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Contact our sales department to access this type of service.