Compliance Security

Security Referential 🔗

Organizations can need help maintaining an ever-growing number of compliance standards and security frameworks.

Exoscale has extensive compliance documentation for various standards and security frameworks, making it easy for organizations to meet all the requirements.

The Security Referential is a set of standards and best practices that we follow to ensure the security of our infrastructure and services. It includes guidelines on access control, network security, data protection, and incident response.

The Security Referential is based on industry standards and is regularly updated to address new security threats and vulnerabilities. Customers can use the Security Referential as a reference for their security needs and compliance requirements.

Certified Security 🔗

The security of your data is our highest priority, and we work hard to ensure that our platform meets the highest security standards.

We believe trust is essential. Therefore, we regularly undergo third-party audits to help you meet your compliance obligations.

Secure Control Framework 🔗

To maintain that documentation, Exoscale has developed its security referential based on the 32 Control Domains of the SCF framework.

This referential allows us to implement a single set of security controls while meeting all the requirements of the targeted standards and frameworks.

Our Security Control Domains 🔗

1. Security & Privacy Governance
2. Asset Management
3. Business Continuity & Disaster Recovery
4. Capacity & Performance Planning
5. Change Management
6. Cloud Security
7. Compliance
8. Configuration Management
9. Continuous Monitoring
10. Cryptographic Protections
11. Data Classification & Handling
12. Embedded Technology
13. Endpoint Security
14. Human Resources Security
15. Identification & Authentication
16. Incident Response
17. Information Assurance
18. Maintenance
19. Mobile Device Management
20. Network Security
21. Physical & Environmental Security
22. Privacy
23. Project & Resource Management
24. Risk Management
25. Secure Engineering & Architecture
26. Security Operations
27. Security Awareness & Training
28. Technology Development & Acquisition
29. Third-Party Management
30. Threat Management
31. Vulnerability & Patch Management
32. Web Security