Certified ISMS picto

Certified ISMS

Exoscale is certified for ISO 27001 for its Information Security Management System (ISMS).

Standards and regulations picto

Standards and regulations

Exoscale is compliant with various standards and regulations, such as GDPR and HIPAA.

Industry specific compliance picto

Industry specific compliance

Exoscale aims to provide industry specific compliance for verticals such as banking, healthcare, government and the automotive industry.

Security Referential

With an ever-growing number of compliance standards and security frameworks, it can be difficult for organizations to keep up. Exoscale has extensive compliance documentation for various standards and security frameworks, making it easy for organizations to ensure they are meeting all the necessary requirements.

In order to be able to maintain that documentation, Exoscale has developed its own security referential based on the 32 Control Domains of the SCF framework. This referential allows us to implement a single set of security controls while being able to meet all the requirements of the targeted standards and frameworks.

Certified Security

The security of your data is our highest priority and we work hard to ensure that our platform meets the highest security standards. We believe trust is essential to durable relations, and we aspire to get yours. To do so, we regularly undergo third-party audits to help you meet your compliance obligations. We commit to take a stand for our core values of security and privacy, to be the safe and reliable IaaS partner you are looking for.

Get an overview of our ISO certificates and level of compliance to many frameworks and laws and regulations.

Datacenter Certifications

All Exoscale zones are hosted in carefully selected state-of-the-art datacenters. Datacenters must pass a stringent set of criteria as defined in our datacenter requirements guidelines including holding various security and quality certifications.

The list of available certifications for each our datacenter location is available in the table below.

National and international information security standards

Security control frameworks

Laws and regulations

Download additional compliance reports from the Exoscale compliance center


Our Security Control Domains

  • Security & Privacy Governance
  • Asset Management
  • Business Continuity & Disaster Recovery
  • Capacity & Performance Planning
  • Change Management
  • Cloud Security
  • Compliance
  • Configuration Management
  • Continuous Monitoring
  • Cryptographic Protections
  • Data Classification & Handling
  • Embedded Technology
  • Endpoint Security
  • Human Resources Security
  • Identification & Authentication
  • Incident Response
  • Information Assurance
  • Maintenance
  • Mobile Device Management
  • Network Security
  • Physical & Environmental Security
  • Privacy
  • Project & Resource Management
  • Risk Management
  • Secure Engineering & Architecture
  • Security Operations
  • Security Awareness & Training
  • Technology Development & Acquisition
  • Third-Party Management
  • Threat Management
  • Vulnerability & Patch Management
  • Web Security

Contact our Compliance Team

Have doubts? Unsure if we comply to a specific regulation not listed here?

Contact our Compliance Team and let us know your requirements. It may be covered by other certifications or regulations we comply to.