ISO 27001 / 27017 / 27018

ISO 27001 is an international standard on how to manage information security and the establishment of an Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes. OVHcloud has received the ISO/IEC 27001:2013 Certificate for its cloud services and US Data Centers since June 28, 2013. Achieving this certification means OVHcloud has implemented a holistic security program that conforms with the ISO 27001 standards.

The ISO/IEC 27017:2015 is the information security gold standard for cloud service providers and their customers. It enables them to implement information security processes and procedures to ensure information stored in the cloud is safe and secure.

This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27002, as well as additional controls to address cloud-specific information security threats and risks referring to Clauses 5 to 18 in ISO/IEC 27002:2013 for controls, implementation guidance, and other information. ISO/IEC 27017 is unique in providing guidance for both cloud service providers and customers.

Privacy is a growing concern in today's compliance environment. The ISO/IEC 270189:2019 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of personally identifiable information (PII) which can be applied within the context of the information security risk environment(s) of a cloud provider.