Compliance and certifications

Ultra secure sovereign hosting: data and infrastructure security and sovereignty are key concerns for citizens, especially within the context of the mass domination of digital stakeholders from the US and China. This is why Scaleway designs, manages and operates its own data centers which meet European regulatory standards and certifications.

Scaleway is committed to a demanding certification process which corresponds to the highest market standards. Many of its products are already ISO 27001 and HDS certified, and our approach is leading us in the direction of ENISA certifications, a European certification that will ultimately replace the French SecNumCloud. Our data centers are designed to withstand fire risks and have obtained the most stringent APSAD certifications.

 

Compliance and certifications in more detail

ISO 27001:2013 - Information security management system

The ISO 27001:2013 standard certifies the implementation of an information security management system.

This standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system.

It guarantees that security best practices are followed for data protection.

HDS - Health data hosting

The HDS standard certifies the implementation of a personal health data security system.

This standard specifies requirements for establishing, implementing, maintaining and continually improving a personal health data protection system.

It guarantees that best security practices are followed to protect your personal health data.

The HDS certification relies on the same scope as the ISO 27001 standard.

ISO 50001:2018 - Energy management systems

The ISO 50001:2018 standard certifies the implementation of an energy management system.

This standard specifies requirements for establishing, implementing, maintaining and continually improving an energy management system.

It guarantees that energy management best practices are followed to help you manage costs.

GDPR

The General Data Protection Regulation (EU) 2016/679 (GDPR) was adopted by the European Parliament on 14 April 2016, and became enforceable on 25 May 2018. GDPR contains provisions and requirements related to the processing of personal data of individuals from the European Union.

Scaleway, as a data processor, implements all necessary technical and organizational measures in order to guarantee the security and confidentiality of clients’ data, in accordance with GDPR.

For more information about our commitments, see our Data Processing Agreement.

Tier 3 Uptime Institute: 2014

The Uptime Institute certification measures a data center’s capacity for reaching a specific level of performance for the services provided dependent on availability, redundancy and fault tolerance.

SWIPO

SWIPO (SWitching Cloud and POrting data) AISBL is a multi-stakeholder association facilitated by the European Commission with the mission to develop voluntary Codes of Conduct in support of Article 6 “Porting of Data” of the Free Flow on Non Personal Data Regulation (EU) 2018/1807.

Scaleway has declared adherence of several of its services to SWIPO’s code of conduct for Infrastructures as a Service (IaaS). The related transparency statement can be made available upon request.

Our commitments

Security and resilience

At Scaleway, there is no compromise when it comes to your data.

Learn more

Compute more, burn less

Fully transparent data center efficiency and environmental footprint.

Learn more

Design considerations and recommendations

Data is a shared responsibility – between provider and customer. Design considerations and our recommendations for data protection.

Learn more