What is ISO/IEC 27001:2022?

ISO/IEC 27001:2022 is the leading international standard for information security management systems (ISMS), jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

It sets out the criteria for establishing, implementing, maintaining, and continually improving an ISMS — including requirements for assessing and treating information security risks. The standard applies to organizations of all types and sizes, helping them systematically protect sensitive data, comply with legal requirements, and strengthen business resilience.


Access the certificate and audit reports via our Compliance Center.

FAQ

What are the main requirements?

ISO/IEC 27001:2022 provides a comprehensive framework for managing information security risks. The key requirements include:

  • Scope & Context: Define the boundaries and applicability of your ISMS in relation to your organization’s context and stakeholders.

  • Leadership & Commitment: Senior management must actively lead and support information security, assigning clear roles and responsibilities.

  • Planning & Risk Management: Identify risks, set information security objectives, and plan risk treatment and continuous improvement.

  • Support: Provide adequate resources, ensure staff are trained and aware, and maintain documented information.

  • Operation: Implement risk treatment plans, manage operations securely, and respond to security events.

  • Performance Evaluation: Regularly monitor, measure, audit, and review your ISMS to ensure effectiveness.

  • Improvement: Continually improve your ISMS based on results from monitoring, audits, incidents, and management reviews.

  • Annex A Controls: The standard includes an updated set of 93 controls (Annex A), covering areas like organizational controls, people controls, physical controls, and technological controls.

Exoscale

Contact our Compliance Team

Questions about compliance or need documentation for your due diligence? Reach out to our Compliance Team and let us know your requirements — we’re here to help.