The OVH Group’s Dedicated Cloud offering has been recently recognized as being in compliance with the international SOC 1 (SSAE 16 and ISAE 3402) and SOC 2 type II standards. The group continues its overall certification strategy to have its cloud hosting and web hosting services recognized as conforming to best practices and international standards.
Security is critical for the OVH Group, which markets its private cloud solution to enterprises since 2010. While the SOC 1 and 2 type I compliance in 2014 pertained to putting in place procedures and controls to assure security and high availability of the Dedicated Cloud service, SOC 1 and SOC 2 type II are focused on the effectiveness and rigor of these procedures and controls.
An audit was conducted over a six month period, by the independent firm KPMG, concerning the Dedicated Cloud service in 4 of OVH Group’s data centers: 3 in France and 1 in Canada. The auditors evaluated and validated the controls managed by the group, on the following points:
- security policies;
- risk assessment and incident management;
- physical and logical access;
- service availability;
- data confidentiality and integrity.
“For our customers, these standards assure that we implement and rigorously follow, the internal controls and measures related to the security of our information systems,” said Thibaud Saudrais, in charge of quality assurance within the OVH Group.
Founded in 1999, the OVH Group currently has 200,000 physical servers under management and a network bandwidth capacity of 3,500 Gbps.