Register

What is SOC-2?

SOC-2, developed by the American Institute of CPAs (AICPA), is a globally recognized framework that provides organizations with a set of criteria to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data. It is particularly important for service providers that store or process sensitive information, as it offers a rigorous assessment of the controls and processes in place to protect that data. By aligning with SOC-2, organizations demonstrate their commitment to maintaining a high standard of operational integrity and security.

For companies doing business across the Atlantic and beyond, SOC-2 compliance holds significant value. As a widely accepted standard, SOC-2 is not only relevant in the United States but is also recognized by organizations and regulatory bodies in Europe and other regions. This makes SOC-2 particularly important for global cloud service providers, such as Exoscale, who must meet diverse regulatory requirements while providing assurance to customers and partners across different jurisdictions. By maintaining SOC-2 compliance, Exoscale ensures that its operations meet the rigorous expectations of clients worldwide, facilitating smoother cross-border business relationships and instilling confidence in the security of our services.

Since 2023, Exoscale has been audited under the SOC-2 framework, earning a Type 2 report that reflects our ongoing commitment to security and operational excellence. This report, available on our compliance center, provides a detailed evaluation of how our controls have been consistently effective over time, offering transparent assurance to our customers that their data is handled with the highest standards of security and compliance. With SOC-2 compliance, Exoscale not only meets industry benchmarks but also strengthens its position as a trusted partner in the global marketplace.

FAQ

What is the difference between a SOC-1 and SOC-2 report?

A SOC-1 report focuses on an organization’s controls relevant to financial reporting, providing assurance about the accuracy and reliability of financial statements. In contrast, a SOC-2 report evaluates the effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy, ensuring that data is managed securely and with integrity. SOC-2 is particularly relevant for organizations that handle sensitive information, offering a broader assessment of a company’s internal controls beyond just financial reporting.

Download additional compliance reports from the Exoscale compliance center.

Exoscale

Contact our Compliance Team

A doubt? Unsure if we comply to a specific regulation not listed here?

Contact our Compliance Team and let us know your requirements. It may be covered by other certifications or regulations we comply to.