Demand for data protection and security leads OVHcloud to extend ISO 27001 and ISO 27701 certifications to all its cloud solutions
Europe’s leading cloud services provider confirms its commitment to delivering cloud solutions with maximum security for its services, and new guarantees for customer data confidentiality
OVHcloud announced today that it has achieved new certifications in information security and data privacy, marking a new phase in its broader certification policy and commitment to customers.
With the newly obtained ISO/IEC 27001 and ISO/IEC 27701 for the majority of its cloud solutions, OVHcloud has further consolidated its range in order to strengthen customer trust in the security of its infrastructure. The scope of certification covers the following products:
- Public Cloud: Compute, Storage (Block, Object, Archive, Snapshot, Instance Backup), Managed Kubernetes® Service, Cloud Databases, Data Processing, ML Serving and AI Training.
- Hosted Private Cloud Premier, Managed Bare Metal, Bare Metal Servers, NAS, Backup storage, Logs Data Platform and Trusted Exchange.
For these products and all supporting information systems, OVHcloud has implemented an Information Security Management System (ISMS) and Personal Information Management Systems (PIMS) evaluated by a third-party auditor as part of an in-depth audit. This audit resulted in the obtaining of:
- Certification according to the ISO/IEC 27001 standard supplemented by the requirements of ISO/IEC 27017, specific to cloud services security and ISO/IEC 27018 relating to the requirements of personal data protection. This certification enables all organisations and their DevOps teams to deploy services in an OVHcloud environment in accordance with the highest security standards.
- Certification according to the ISO/IEC 27701 standard, to clarify how personal data hosted by customers on OVHcloud solutions is specifically protected. This recent certification (2019), which still involves a few players, is based on a global standard that reflects most of the requirements of the General Data Protection Regulation(GDPR) in a standardised manner.
According to the IDC FutureScape study “Worldwide Cloud 2021 Predictions”, over 80% of enterprises evaluating cloud services for privacy-sensitive workloads will mandate the protection of data sovereignty and the ability to control the corresponding processes across the geographies concerned.
OVHcloud has been committed for many years to constantly improving the security of its information systems. In 2013, the European cloud leader achieved ISO 27001 certification for its Hosted Private Cloud solution and then in 2019 for its Bare Metal Cloud servers.
As a cloud provider, OVHcloud has also adopted a multi-local approach to compliance: in the UK the Data Protection Act 2018 alongside the UK GDPR are supported as well as being a named public sector supplier for the Crown Commercial Service’s (CCS) G-Cloud 12 agreement. In other countries, OVHcloud supports HDS in France for health data hosting and is developing a roadmap tailored to local regulations such as C5 in Germany, AGID in Italy and ENS in Spain.
“Our certification policy is guided and shaped by the security requirements of our customers,” says Sylvain Rouri, Chief Sales Officer for OVHcloud. “We’re delighted to offer public- and private-sector organisations a portfolio of certified cloud solutions so they can host their data on infrastructure guaranteeing the highest level of security and data protection.”
"This dual certification, which applies to the vast majority of our cloud products, is an important step in our approach to security. It provides a virtuous management framework to ensure that good security and personal data protection practice is taken into account and to also improve transparency for our customers," says Julien Levrard, Chief Information Security Officer at OVHcloud.
XMCO supported this approach as internal auditor of OVHcloud’s management system. The external certification audit was conducted by the Laboratoire National de Métrologie et d'Essais (LNE).
For more about OVHcloud’s compliance and certification policy: https://www.ovhcloud.com/en/enterprise/certification-conformity/