OVHcloud Compliance

Attestations & Certifications

Protection of our customer data is very important to OVHcloud. Thus, OVHcloud takes the necessary steps to protect customer data to ensure security and availability by implementing high levels of transparency, standards, governance, and regulatory compliance. The OVHcloud IaaS services are provided to our customers through Data Centers, servers, and a network owned and operated by OVHcloud.

OVHcloud services are built from the ground up to address our customers' most rigorous security and privacy demands. OVHcloud provides a comprehensive set of compliance offerings, including attestations and certifications applicable to its services and Data Centers.

OVHcloud makes compliance user-friendly, so our customers can spend less time on compliance initiatives and more time running their businesses.

Compliance Program

OVHcloud adheres to rigorous security standards associated with various industry-specific compliance frameworks for our Infrastructure as a Service (IaaS) products and Data Centers. OVHcloud is dedicated to delivering cloud services that adopt industry best practices for a comprehensive set of security and compliance standards. OVHcloud has independent third-party audit firms conduct annual attestations and certification examinations.


Please click "Learn more" for each Compliance Program listed below for information regarding the OVHcloud services and Data Centers having received the applicable accreditation.

ISO 27001

iso icon

ISO 27017

iso logo

ISO 27018

ISO 27701

ISO 27701

SOC 1, 2 & 3

hipaa compliance



OVHcloud Services

OVHcloud Services comply with the following:


Services vs. Attestations/Certificates

  ISO 27001
ISO 27017
ISO 27018
ISO 27701
Attestation / Certificate
SSAE18 Type 2 SOC 1 SSAE18 Type 2 SOC 2 SSAE18 Type 2 SOC 3 HIPAA Type 1 PCI DSS
Hosted Private Cloud (HPC)      ✘
Dedicated Servers (Bare Metal Servers)      ✘
Public Cloud Instance (PCI)      ✘
Virtual Private Servers (VPS)      ✘
US Data Centers (Vint Hill & Hillsboro)


  • ISO/IEC 27001:2013 OVHcloud Certificate includes ISO 27017 / ISO 27018 and ISO 27701 (Privacy) and expires June 24, 2025.
  • Type 2 SOC 1 (AICPA SSAE No. 18 and IAASB ISAE 3402 Standards) as of January 1 – December 31, 2021
  • Type 2 SOC 2 (AICPA SSAE No. 18) as of January 1 – December 31, 2021
  • Type 1 HIPAA and HITECH as of December 31, 2021
  • Payment Card Industry (PCI) Data Security Standard (DSS) for all OVHcloud services and US Data Centers AOC as of February 16, 2022
  • Cloud Security Alliance - Consensus Assessments Initiative Questionnaire (CAIQ)

Additional Services

OVH exclusively authorizes audits carried out by third parties with the goal of certification for all interested parties

ISO 27001 Certificate & Attestation Reports

The ISO 27001 Certificate is available on our 3rd party audit firm’s website. Upon request, customers can obtain our annual attestation reports by contacting their sales representative. Prospective customers can obtain our AIPCA SSAE18 Type 2 SOC 3 attestation report.

OVH offers customized advisory security service

Security Advisory Services

The OVHcloud Security and Compliance teams will support your organization's security and compliance teams with advisory services, with the option of completing questionnaires on the Information Security Management System ("ISMS") and US Data Centers' security measures.

Ready to get Started?

Contact Us