OVHcloud Compliance
Attestations & Certifications
Protection of our customer data is very important to OVHcloud. OVHcloud takes the necessary steps to protect customer data and ensure uptime by implementing high levels of trust, transparency, standards, conformance, and regulatory compliance. The OVHcloud services are provided to our customers from Data Centers, servers, and a network that OVHcloud owns and operates.
OVHcloud services are built from the ground up to address our customers' most rigorous security and privacy demands. OVHcloud provides a comprehensive set of compliance offerings, including attestations and certifications applicable to its services and Data Centers.
OVHcloud makes compliance user-friendly, so our customers can spend less time on compliance initiatives and more time running their businesses.
Compliance Program
OVHcloud adheres to rigorous security standards associated with various industry-specific compliance frameworks from our Infrastructure as of Service (IaaS) services to our Data Centers. OVHcloud is dedicated to delivering cloud services that adopt industry best practices to meet a comprehensive set of security and compliance standards. OVHcloud uses independent third-party auditors to conduct audit examinations across a wide range of specific compliance requirements.
Please click "Learn more" for each Compliance Program listed below for information regarding the OVHcloud services and Data Centers having received the applicable accreditation.
OVHcloud Services
OVHcloud Services comply with the following:
Services vs. Attestations/Certificates |
||||||
| ISO 27001 ISO 27017 ISO 27018 ISO 27701 Attestation / Certificate |
SSAE18 Type 2 SOC 1 | SSAE18 Type 2 SOC 2 | SSAE18 Type 2 SOC 3 | HIPAA Type 1 | PCI DSS | |
| Hosted Private Cloud (HPC) | ✘ | ✘ | ✘ | ✘ | ✘ | |
| Dedicated Servers (Bare Metal Servers) | ✘ | ✘ | ✘ | ✘ | ✘ | |
| Public Cloud Instance (PCI) | ✘ | ✘ | ✘ | ✘ | ✘ | |
| Virtual Private Servers (VPS) | ✘ | ✘ | ✘ | ✘ | ✘ | |
| US Data Centers (Vint Hill & Hillsboro) | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
- ISO/IEC 27001: 2013 Certificate expires June 25, 2022
- ISO/IEC 27001: 2013 Attestation Type 1 as of December 31, 2020
- Type 2 SOC 1 (AICPA SSAE No. 18 and IAASB ISAE 3402 Standards) as of January 1 – December 31, 2020
- Type 2 SOC 2 (AICPA SSAE No. 18) as of January 1 – December 31, 2020
- Type 1 HIPAA and HITECH as of December 31, 2020
- Payment Card Industry (PCI) Data Security Standard (DSS) for US Data Centers AOC as of January 13, 2021
- Cloud Security Alliance - Consensus Assessments Initiative Questionnaire (CAIQ)
Additional Services
ISO 27001 Certificate & Attestation Reports
Upon request, customers can obtain our annual attestation reports and ISO 27001 certificate by contacting their sales representative, or by emailing legal@corp.ovh.us. Prospective customers can obtain our AIPCA SSAE18 Type 2 SOC 3 attestation report.
Security Advisory Service
The OVHcloud Security and Compliance team will support your organization's security or compliance teams with advisory services, with the option of completing questionnaires on the Information Security Management System ("ISMS") and OVHcloud's US Data Centers security measures.