Standards and Regulations
Exoscale is compliant with various standards and regulations, such as GDPR and HIPAA.
Compliance
Information security management, privacy and processes assessed by ISO standards.
Full compliance to global and local security frameworks, certified by world's most stringent auditors, to enable a smooth and safe adoption of our cloud platform by SaaS providers and enterprises in every sector.
Certified ISMS
Exoscale is certified for ISO 27001 for its Information Security Management System (ISMS).
Industry Specific Compliance
Exoscale aims to provide industry specific compliance for verticals such as banking, healthcare, government and the automotive industry.
Security Referential
With an ever-growing number of compliance standards and security frameworks, it can be difficult for organizations to keep up. Exoscale has extensive compliance documentation for various standards and security frameworks, making it easy for organizations to ensure they are meeting all the necessary requirements.
In order to be able to maintain that documentation, Exoscale has developed its own security referential based on the 32 Control Domains of the SCF framework.
This referential allows us to implement a single set of security controls while being able to meet all the requirements of the targeted standards and frameworks.
Certified Security
The security of your data is our highest priority and we work hard to ensure that our platform meets the highest security standards. We believe trust is essential to durable relations, and we aspire to get yours. To do so, we regularly undergo third-party audits to help you meet your compliance obligations. We commit to take a stand for our core values of security and privacy, to be the safe and reliable IaaS partner you are looking for.
Get an overview of our ISO certificates and level of compliance to many frameworks and laws and regulations.
Datacenter Certifications
All Exoscale zones are hosted in carefully selected state-of-the-art datacenters. Datacenters must pass a stringent set of criteria as defined in our datacenter requirements guidelines including holding various security and quality certifications.
The list of available certifications for each our datacenter location is available in the table below.
National and international information security standards
Security control frameworks
Laws and regulations
Download from the Exoscale Compliance Center additional Compliance Reports
Our Security Control Domains
- Security & Privacy Governance
- Asset Management
- Business Continuity & Disaster Recovery
- Capacity & Performance Planning
- Change Management
- Cloud Security
- Compliance
- Configuration Management
- Continuous Monitoring
- Cryptographic Protections
- Data Classification & Handling
- Embedded Technology
- Endpoint Security
- Human Resources Security
- Identification & Authentication
- Incident Response
- Information Assurance
- Maintenance
- Mobile Device Management
- Network Security
- Physical & Environmental Security
- Privacy
- Project & Resource Management
- Risk Management
- Secure Engineering & Architecture
- Security Operations
- Security Awareness & Training
- Technology Development & Acquisition
- Third-Party Management
- Threat Management
- Vulnerability & Patch Management
- Web Security
Contact our Compliance Team
Have doubts? Unsure if we comply to a specific regulation not listed here?
Contact our Compliance Team and let us know your requirements.
It may be covered by other certifications or regulations
we comply to.