Press Release

Dedicated Cloud is SOC 1 (SSAE 16 and ISAE 3402) and SOC 2 type II compliant

Security is critical for the OVH Group, which markets its private cloud solution to enterprises since 2010. While the SOC 1 and 2 type I compliance in 2014 pertained to putting in place procedures and controls to assure security and high availability of the Dedicated Cloud service, SOC 1 and SOC 2 type II are focused on the effectiveness and rigor of these procedures and controls.

An audit was conducted over a six month period, by the independent firm KPMG, concerning the Dedicated Cloud service in 4 of the group’s datacenters: 3 in France and 1 in Canada. The auditors evaluated and validated the controls managed by the group, on the following points:

• security policies;
• risk assessment and incident management;
• physical and logical access;
• service availability;
• data confidentiality and integrity.

"For our customers, these standards assure that we implement and rigorously follow, the internal controls and measures related to the security of our information systems," explains Thibaud Saudrais, in charge of quality assurance within the OVH Group.