ISO 27001 / ISMS
Why important?
Baseline ISMS certification; often a tender requirement.
How measured?
Scale 0–5 + N/A:
- 0 = No ISO 27001 evidence
- 1 = Planned/announced, unclear
- 2 = ISO 27001 present, scope very limited/unclear
- 3 = ISO 27001 for relevant core scope, but scope/SoA only partially transparent
- 4 = ISO 27001 broad + scope/SoA well documented
- 5 = ISO 27001 (accredited) + clear scope (services/regions) + auditably evidenced
- N/A = no reliable evidence
Sources / Evidence
- https://www.aboutamazon.eu/news/aws/built-operated-controlled-and-secured-in-europe-aws-unveils-new-sovereign-controls-and-governance-structure-for-the-aws-european-sovereign-cloud
- https://cloud.ionos.de/zertifikate
- https://stackit.com/en/sovereign-cloud/data-sovereign-cloud/
- https://www.open-telekom-cloud.com/en/products-services/core-services/certifications
- https://www.plusserver.com/en/company/certificates-and-attestations/
- https://www.oracle.com/asean/cloud/eu-sovereign-cloud/
- https://upcloud.com/compliance-and-security/
- https://www.exoscale.com/compliance/
- https://www.hetzner.com/assets/downloads/ISO-Certificate.pdf
- https://www.scaleway.com/en/security-and-resilience/
- https://www.plusserver.com/wp-content/uploads/2023/09/20251014_plusserver-ISO-27001-2022-Zertifikat-und-Statement-of-Applicability-SoA-DE.pdf
Validation questions (RFP)
- Which sites/services are ISO 27001 certified? What is the SoA? What is the audit frequency?
Scores comparison
| Providers | Score | |
|---|---|---|
| Microsoft Sovereign Cloud | 5.0 | |
| Exoscale | 4.0 | |
| Hetzner Cloud | 4.0 | |
| OVHcloud Public Cloud (inkl. SecNumCloud) | 4.0 | |
| Scaleway | 4.0 | |
| SysEleven OpenStack Cloud | 4.0 | |
| Cloud Temple Trusted Cloud | 4.0 | ISO 27001 certified (since 2019). HDS certified (Hébergeur de Données de Santé). Certificates publicly referenced. |
| Infomaniak Public Cloud | 4.0 | ISO/IEC 27001:2022 certified (since 2018). Certificate publicly available (PDF). Additionally ISO 9001, ISO 14001, ISO 50001. |
| T Cloud Public | 4.0 | |
| noris Sovereign Cloud | 4.0 | |
| pluscloud open | 4.0 | |
| AWS European Sovereign Cloud | 3.0 | |
| IONOS Cloud | 3.0 | |
| Oracle EU Sovereign Cloud | 3.0 | |
| STACKIT | 3.0 | |
| UpCloud | 3.0 | |
| Delos Cloud | N/A |