Compliance: AICPA SSAE 18 Service Organization Control (SOC)

SOC 1 Type II and SOC 2 Type II Certifications

SOC 1 Type 2 and SOC 2 Type 2 Attestations

According to the American Institute of Certified Public Accountants (AICPA), SOC reports are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.


In other words, Statement on Standards for Attestation Engagements (SSAE) 18 is used to regulate how companies conduct business, and more specifically it defines how companies report on compliance controls. These reports are called SOC 1, SOC 2, and SOC 3.

  • SOC 1 is a control report for service organizations, which pertains to internal control over financial reports.
  • SOC 2 is a report that evaluates the business information system that relates to security, availability, processing integrity, confidentiality, and privacy. OVH US SOC 2's scope is security and availability for our product offerings.
  • SOC 3 is a general use report and does not provide the examination details as the SOC 1 and SOC 2. The SOC 3 report is primarily used as marketing material.


The scope of the OVH US Type 2 SOC 1, 2, & 3 examinations is OVH US products and US data centers:



  • Dedicated Servers
  • Hosted Private Cloud
  • Public Cloud Services

US Data Centers:

  • Vint Hill, Virginia (East Coast)
  • Hillsboro, Oregon (West Coast)


Two Trust Service Categories in scope for the Type 2 SOC 1, SOC 2, and SOC 3 examinations are:

  • Security - Information and Systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity's ability to meet its objectives.
  • Availability - Information and systems are available for operation and use to meet the client's (user entity) objectives.


US customers utilizing OVH international data centers and requiring SOC attestation reports should contact your sales representative or email

Contact us