Attestations & Certifications

Protection of our customer data is very important to OVHcloud. Thus, OVHcloud takes the necessary steps to protect customer data to ensure security and availability by implementing high levels of transparency, standards, governance, and regulatory compliance. The OVHcloud IaaS services are provided to our customers through Data Centers, servers, and a network owned and operated by OVHcloud.

OVHcloud services are built from the ground up to address our customers' most rigorous security and privacy demands. OVHcloud provides a comprehensive set of compliance offerings, including attestations and certifications applicable to its services and Data Centers.

OVHcloud makes compliance user-friendly, so our customers can spend less time on compliance initiatives and more time running their businesses.

Learn more about Data Protection at OVHcloud.

Global security management

OVHcloud has independent third-party audit firms that conduct annual attestations and certification examinations to evaluate the solutions we offer.

Standards and regulations

OVHcloud adheres to rigorous security standards associated with various industry-specific compliance frameworks for our Infrastructure as a Service (IaaS) products and Data Centers.

Industry best practices

OVHcloud is dedicated to delivering cloud services that adopt industry best practices for a comprehensive set of security and compliance standards.

Compliance Program

ISO 27001 / 27017 / 27018

ISO/IEC 27001:2013 Certification and ISMS relating to information security management systems for cloud services.

ISO 27701

ISO/IEC 27701:2019 Certification and PIMS relating to personal data processing security management.

SSAE 18 Type 2 SOC 1, SOC 2 + NIST, and SOC 3 Attestations

AICPA certification SSAE 16/ISAE 3402 Type 2 for control over financial reporting.

CSA STAR

Cloud Security Alliance (CSA)

Security Trust Assurance Risk (STAR) Self-Assessment

HIPAA

Compliance with the United States Health Insurance Portability and Accountability Act in our US data centers.

PCI DSS

Lever 1 Payment Card Industry Data Security Standard certification relating to payment data hosting.

Services vs. Attestations/Certificates

Available only in our Vint Hill, VA, and Hillsboro, OR data centers.

	ISO 27001 ISO 27017 ISO 27018 ISO 27701 Certification	SSAE18 Type 2 SOC 1	SSAE18 Type 2 SOC 2	SSAE18 Type 2 SOC 3	HIPAA Type 1	PCI DSS
Hosted Private Cloud (HPC)	✘	✘	✘	✘	✘	✘
Dedicated Servers (Bare Metal Servers)	✘	✘	✘	✘	✘	✘
Public Cloud Instance (PCI)	✘	✘	✘	✘	✘
Virtual Private Servers (VPS)	✘	✘	✘	✘	✘

ISO/IEC 27001:2022 OVHcloud Certificate includes ISO 27017 / ISO 27018 and ISO 27701 (Privacy) and expires June 24, 2025.
Type 2 SOC 1 (AICPA SSAE No. 18 and IAASB ISAE 3402 Standards) as of January 1 – December 31, 2024
Type 2 SOC 2 (AICPA SSAE No. 18) + NIST as of January 1 – December 31, 2024
Type 2 SOC 3 (AICPA SSAE No. 18) as of January 1 – December 31, 2024
Type 1 HIPAA and HITECH as of December 31, 2024
Payment Card Industry (PCI) Data Security Standard (DSS) AOC as of March 29, 2024
Cloud Security Alliance - Consensus Assessments Initiative Questionnaire (CAIQ)

Contact Us

We are here to help you get started. You may schedule a free consultation with an OVHcloud advisor to discuss an architecture that best suits your business needs.

Contact us

Additional services

ISO 27001 Certificate

The ISO 27001 Certificate is available on our third-party audit firm’s website. Prospective customers can obtain our AIPCA SSAE18 Type 2 SOC 3 attestation report.

Security Advisory Services

The OVHcloud Security and Compliance teams will support your organization's security and compliance teams with advisory services, with the option of completing questionnaires on the Information Security Management System ("ISMS") and US Data Centers' security measures.