Certifications

OVH guarantees that your Private Cloud complies with ISO/IEC 27001:2013 certification, SOC 1 Type II (SSAE 16 and ISAE 3401) and SOC 2 Type II international certifications and PCI DSS level 1 certification.

ISO 27001, SOC 1 and SOC 2

OVH has gained ISO 27001 certification because it complies with ISO 27002 good information security management practices and ISO 27005 standards for risk assessment and risk handling.

SOC 1 Type II certifies that OVH has clearly defined and implemented controls to protect the data of its customers. SOC 2 Type II evaluates these controls against the international standard, established by the AICPA (American Institute of Certified Public Accountants) in its principles on confidential services (Trust Services Principles).

Public documents

ISO certificate

Sections I of SOC 1 Type II report (ISAE 3402 or SSAE 16)

Sections I of SOC 2 Type II

Free


ISO service

ISMS Scope and Perimeter

Public Statement of Applicability

Audit report

£425 ex. VAT

Subject to the signing of an NDA


SOC service

Full report SOC 1 Type II (SSAE 16 or ISAE 3402)

Full report SOC 2 Type II

Upon request

Subject to the signing of an NDA



CSA STAR self-assessment

OVH is listed in the Cloud Security Alliance's STAR registry for its Private Cloud solution. This initiative informs OVH customers that OVH's cloud computing services conform to the CSA's best practices. It also details the controls that OVH has implemented to ensure the security of information systems.


Consensus Assessments Initiative Questionnaire (CAIQ)

Free


PCI DSS Level 1

The PCI DSS Level 1 certification (Payment Card Industry Data Security Standard) gives assurance to banks and users of online services that companies who handle confidential payment card data comply with specific security requirements.


PCI DSS security extended to all your VMs

Upon request


On-site audit

Upon request and under certain conditions, OVH can provide documentation relating to these certifications. OVH authorises audits which are carried out by third parties in order to provide all interested parties with certification. If you use a different benchmark to ISO 27001 or SOC, you can ask OVH to complete your questionnaire.

Customised security service

Consultation service, with the option of completing a questionnaire on the security measures in the OVH datacentres.


Upon quotation