ISO 27001 / 27017 / 27018


ISO/IEC 27001, 27017 and 27018 certifications and reports

The ISO 27000 family of information security management standards are a series of complementary information security standards. These can be combined to provide a globally recognized framework for IT security management in accordance with best practices. By implementing these standards, organizations of any kind can manage the security of their assets such as financial data, intellectual property, employee contact information, or data entrusted to them by third parties. OVHcloud received its first ISO 27001 certifications in 2013 for its cloud solutions.

ISO/IEC 27001:2013

ISO 27001 is an international standard on how to manage information security and the establishment of an Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes. OVHcloud has received the ISO/IEC 27001:2013 Certificate for its cloud services and US Data Centers since June 28, 2013. Achieving this certification means OVHcloud has implemented a holistic security program that conforms with the ISO 27001 standards.

ISO/IEC 27017:2015 Code of Practice for Information Security Controls

The ISO/IEC 27017:2015 is the information security gold standard for cloud service providers and their customers. It enables them to implement information security processes and procedures to ensure information stored in the cloud is safe and secure.

This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.

ISO/IEC 27018:2019 Code of Protecting Personal Data in the Cloud

Privacy is a growing concern in today's compliance environment. The ISO/IEC 270189:2019 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of personally identifiable information (PII) which can be applied within the context of the information security risk environment(s) of a cloud provider.

Contact Us

We are here to help you get started. You may schedule a free consultation with an OVHcloud advisor to discuss an architecture that best suits your business needs. 

US Data Centers

The ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 certifications are carried out by an ISO-accredited audit firm. The scope of the ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 certifications include all the OVHcloud Services and US Data Centers:


US Data Centers:

  • Vint Hill, Virginia (East Coast)
  • Hillsboro, Oregon (West Coast)

Additional services

Certifications and reports

Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications under certain conditions.

US customers utilizing OVHcloud international Data Centers and Services requiring ISO 27001, 27017, or 27018 certificates should contact their sales representative.