Compliance
Overview
Exoscale operates a comprehensive Information Security Management System (ISMS) aligned with international standards and independently audited on a regular basis. Our compliance framework is designed to provide customers with transparency and assurance regarding the confidentiality, integrity, and availability of their data.
Exoscale has been ISO/IEC 27001 certified since 2018 and continuously extends its certification perimeter and assurance portfolio. We maintain compliance with the latest versions of the applicable standards.
Third-Party Certifications and Attestations
Framework | Description | Type | Latest Revision / Details |
---|---|---|---|
ISO/IEC 27001 | Information Security Management System | Certification | 2022 |
ISO/IEC 27017 | Security controls for cloud services | Certification | 2022 |
ISO/IEC 27018 | Protection of Personally Identifiable Information (PII) in public clouds | Certification | 2022 |
SOC 2 Type 2 | Attestation over the design and operating effectiveness of controls based on AICPA Trust Services Criteria | Attestation (Type 2) | Reporting period: May 1st – May 1st |
BSI C5 Type 2 | German Cloud Computing Compliance Criteria Catalogue (C5:2020) | Attestation (Type 2) | Reporting period: May 1st – May 1st |
HDS | French health data hosting certification (hébergement de données de santé) | Certification | Scope: 1–4 and 6 |
TISAX Level 2 | Trusted Information Security Assessment Exchange for the automotive industry | Assessment | Available to registered partners on the ENX portal |
All certifications and attestations are performed by accredited third-party auditors. The full set of certificates and reports can be accessed from the Compliance Center in the Exoscale Portal (see below).
Compliance Center
The Compliance Center is available to all registered Exoscale customers directly from the Exoscale Portal.
It provides self-service access to the latest compliance documentation once a Non-Disclosure Agreement (NDA) has been accepted electronically.
Available documentation includes:
- ISO/IEC 27001, 27017, and 27018 certificates
- SOC 2 Type 2 and BSI C5 Type 2 reports
- Exoscale Compliance Statement
- Green energy certificates for our regions
- Third-party compliance data from data center operators
- HDS and TISAX certificates
- Additional environmental and regulatory disclosures
The Compliance Center ensures that customers can independently verify Exoscale’s compliance posture and access all relevant supporting documentation under confidentiality.
Support for Regulated Industries
Exoscale supports customers operating in regulated industries that must demonstrate compliance with specific legal and regulatory frameworks.
Our security and governance controls are designed to help customers meet the requirements of regulations such as:
- HIPAA (Health Insurance Portability and Accountability Act – United States)
- FINMA Circular 2018/3 on outsourcing (Switzerland)
- DORA (Digital Operational Resilience Act – EU Regulation 2022/2554)
Through tailored contractual arrangements, Exoscale can provide the necessary guarantees to support customers’ regulatory obligations related to data protection, operational resilience, and third-party risk management.
Customers who require enhanced assurances or specific contractual terms can contact our Support team to discuss available options.
Data Center Operators and Subcontractors
Exoscale relies on trusted partners to operate its regional data centers. Each facility meets stringent physical and procedural security requirements.
Data center operators must hold, at a minimum, ISO 9001:2015 and ISO/IEC 27001:2022 certifications covering access control, operational security, and facility management.
Data Center | Region | Slug | Operator |
---|---|---|---|
Frankfurt, Germany | DE-FRA-1 | de-fra-1 | Equinix |
Munich, Germany | DE-MUC-1 | de-muc-1 | Equinix |
Geneva, Switzerland | CH-GVA-2 | ch-gva-2 | Equinix |
Zurich, Switzerland | CH-DK-2 | ch-dk-2 | Equinix |
Vienna, Austria | AT-VIE-1 | at-vie-1 | A1 Telekom Austria Group |
Vienna, Austria | AT-VIE-2 | at-vie-2 | A1 Telekom Austria Group |
Sofia, Bulgaria | BG-SOF-1 | bg-sof-1 | A1 Telekom Austria Group |
All data centers implement modern security controls for physical access, environmental monitoring, and redundant power and connectivity. Exoscale regularly reviews its suppliers’ compliance posture as part of its ISMS.
Continuous Improvement
Exoscale continuously reviews and improves its security and compliance programs to meet evolving international standards, regulatory requirements, and customer expectations.
Our integrated management approach ensures consistent application of best practices across all regions and services.
For questions regarding compliance, certifications, or to request specific documentation, please contact our Support team.