VULTR Control Plane compliance
Current Compliance Attestations:
- SOC 2 Type 2
- PCI (Merchant)
2023 Planned Compliance Projects
- CSA Star Level 1 (Q4)
- SOC 2 Type 2 (Q4)
2024 Planned Compliance Projects
- ISO 20000 (Q1)
- ISO 27001:2022 (Q1)
- FedRAMP Authorizable (Q3)
- SOC 2 Type 2 (Q4)
- ISO 27017 (Q4)
- ISO 27018 (Q4)
Vultr Compliance
Vultr is committed to meeting our customers' global risk and compliance requirements, including server availability, security, data protection, and privacy.
Vultr is in process of a SOC 2 Type 2 attestation by our third party auditors. The attestation will be completed in January 2023 and the SOC 2 Type 2 report will be available in February 2023.
Vultr aligns our hosting services with data centers that are also committed to customer availability, security and privacy (see below). Vultr hosting services are deployed
with compliance needs in mind so our customers can deploy their own compliance requirement based solutions (i.e., HIPAA and PCI along with executing a Vultr BAA and DPA where applicable)
at a geographically dispersed data center with the same compliance frameworks in place so that specific compliance controls can be carved out for the customer.
The Vultr compliance roadmap for 2023 is very aggressive, including ISO/IEC 27001:2013 certification and CSA Star Alliance attestation.
Security and compliance are shared responsibilities between Vultr, our customers, and any third parties who deliver solutions for Vultr. Vultr manages and secures the platform's
control plane, networks, and cloud storage; the customer is responsible for their applications, data, middleware, OS, and storage. Additionally, the Vultr Compliance team has
stringent policies, processes, and controls for vetting all third parties that may be required to deliver any Vultr product or marketplace solution. For questions regarding compliance,
please email grc@vultr.com
Vultr has created US and international privacy policies that align with regulations such as CCPA, GDPR, LGPD, PDPL, and others. In 2023, several new privacy regulations will become active.
In response, Vultr is implementing a unified privacy framework aligned to multiple global privacy regulations based on the NIST Privacy Framework. Vultr conducts an annual assessment
with an independent legal team to review our privacy policies and controls. See our US and international privacy policies to learn more about how Vultr complies with regulations and
discloses information. For any questions regarding privacy at Vultr, please email privacy@vultr.com
Datacenter Compliance
| Datacenter | SOC 1 Type II | SOC 2 Type II | ISO 27001 | PCI-DSS | NIST 800-53 | HIPAA |
|---|---|---|---|---|---|---|
| Amsterdam | ||||||
| Atlanta | ||||||
| Bangalore | ||||||
| Chicago | ||||||
| Dallas | ||||||
| Dehli | ||||||
| Frankfurt | SOC2 Type I | |||||
| London | SOC2 Type I | |||||
| Los Angeles | ||||||
| Madrid | ||||||
| Melbourne | ||||||
| Mexico City | ||||||
| Miami | ||||||
| Mumbai | ||||||
| New Jersey | ||||||
| Paris | ||||||
| San Jose | ||||||
| Sao Paulo | ||||||
| Seattle | ||||||
| Seoul | ||||||
| Silicon Valley | ||||||
| Singapore | ||||||
| Stockholm | ||||||
| Sydney | ||||||
| Tokyo | ||||||
| Toronto | ||||||
| Warsaw |