Standards and Regulations
Exoscale complies with leading standards and regulations such as GDPR and HIPAA, providing confidence in data protection and security.
Compliance
Security management, privacy, and processes assessed by global standards.
Exoscale is committed to the highest standards of information security, privacy, and compliance.
We are certified by world-leading auditors and comply with global and local security frameworks, empowering SaaS providers and enterprises in every sector to adopt cloud with total confidence.
Certified ISMS
Our Information Security Management System (ISMS) is certified to ISO 27001, the global gold standard for information security.
Industry Specific Compliance
Exoscale supports industry-specific compliance for verticals including banking, healthcare, government, and automotive—making cloud adoption simple for regulated sectors.
Security Referential
Keeping pace with evolving security frameworks and standards can be challenging. Exoscale provides extensive, up-to-date compliance documentation for a wide range of certifications and frameworks, making it easy for you to demonstrate compliance to your stakeholders.
To maintain this transparency and agility, we have developed our own security referential based on the 32 Control Domains of the Secure Control Framework (SCF).
This unified approach allows us to implement a single set of security controls mapped to multiple global standards—minimizing audit fatigue and streamlining compliance.
Certified Security
The security of your data is our highest priority. We continually invest in people, processes, and technology to ensure that our platform meets—and exceeds—the world’s strictest security requirements.
We believe trust is the foundation of all partnerships. That’s why we submit to regular independent audits and provide you with direct access to our ISO certificates and comprehensive compliance reports—helping you meet your own regulatory obligations with confidence.
Datacenter Certifications
Every Exoscale zone is hosted in rigorously vetted, state-of-the-art datacenters. Our data center partners must meet a strict set of security and quality standards and maintain relevant certifications.
For a detailed list of available certifications by location, visit our datacenter page.
National and international information security standards
ISO/IEC 27001:2022
Certified management of information security.
ISO/IEC 27017:2015
Certified cloud security controls.
ISO/IEC 27018:2019
Certified personal data protection for the cloud.
BSI C5
German standard for secure cloud operations.
SOC-2
Assured controls for managing customer data.
HDS
Certified French health data hosting.
Security control frameworks
Laws and regulations
Access additional compliance reports at the Exoscale Compliance Center.
Our Security Control Domains
- Security & Privacy Governance
- Asset Management
- Business Continuity & Disaster Recovery
- Capacity & Performance Planning
- Change Management
- Cloud Security
- Compliance
- Configuration Management
- Continuous Monitoring
- Cryptographic Protections
- Data Classification & Handling
- Embedded Technology
- Endpoint Security
- Human Resources Security
- Identification & Authentication
- Incident Response
- Information Assurance
- Maintenance
- Mobile Device Management
- Network Security
- Physical & Environmental Security
- Privacy
- Project & Resource Management
- Risk Management
- Secure Engineering & Architecture
- Security Operations
- Security Awareness & Training
- Technology Development & Acquisition
- Third-Party Management
- Threat Management
- Vulnerability & Patch Management
- Web Security
Contact our Compliance Team
Have questions about compliance, certifications, or security standards? Contact our Compliance Team—we’re here to help you meet your regulatory and business requirements with confidence.