{"id":370,"date":"2023-11-09T16:58:56","date_gmt":"2023-11-09T14:58:56","guid":{"rendered":"https:\/\/upcloud.com\/global\/us\/2023\/11\/09\/gdpr-iso-27001-cispe-guide-european-compliance\/"},"modified":"2023-11-09T16:58:56","modified_gmt":"2023-11-09T14:58:56","slug":"gdpr-iso-27001-cispe-guide-european-compliance","status":"publish","type":"post","link":"https:\/\/upcloud.com\/global\/blog\/gdpr-iso-27001-cispe-guide-european-compliance\/","title":{"rendered":"GDPR, ISO 27001 and CISPE Code of Conduct: a guide to European compliance with UpCloud"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Headquartered in Helsinki, UpCloud stands at the forefront of the European cloud infrastructure industry, rooted in Finnish traditions of technical and business excellence. Every customer who chooses to partner with us isn&#8217;t just selecting a cloud hosting solution; they&#8217;re placing their business, their confidence, and their aspirations in the hands of a certified Cloud Service Provider (CSP).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Recognising the weight of this responsibility, it is important to highlight our operations and the shared responsibility model, ensuring all stakeholders have a clear understanding of both the opportunities and the responsibilities inherent in cloud operations \u2013 especially relating to data and information security and compliance. 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Alongside our ISO 27001 certification and CISPE Code of Conduct compliance, ensuring the highest standards of data security, UpCloud\u2019s European approach to cloud security offers unique benefits to businesses looking to operate in the EU.<\/p>\n\n\n\n<section class=\"block block-accordion block-bg-color-white\" id=\"free-trial\">\n<div class=\"accordion\" data-allow-toggle=\"\">\n\n<div class=\"accordion-item\">\n<h3> <button aria-expanded=\"false\" class=\"accordion-trigger\" aria-controls=\"how-does-upcloud-approach-customer-data-security-and-safety\" id=\"accordion-how-does-upcloud-approach-customer-data-security-and-safety\"> <span class=\"accordion-title\"> How does UpCloud approach customer data security and safety?<span class=\"accordion-icon\"><\/span> <\/span> <\/button><\/h3>\n<div id=\"how-does-upcloud-approach-customer-data-security-and-safety\" role=\"region\" aria-labelledby=\"accordion-how-does-upcloud-approach-customer-data-security-and-safety\" class=\"accordion-panel\" hidden=\"\">\n<div>\n<h4>Customer data belongs to the customer<\/h4>\n<p style=\"font-size:18px\">Customers are in control of the data they store in our cloud infrastructure and, with data residency, customer data is always stored in the country and data centre they select through the UpCloud control panel. We will not move data without the customer\u2019s request. Governed by GDPR and Finnish and European data privacy laws and regulations, we are committed to helping customers seamlessly achieve their compliance objectives in this field.<\/p>\n<h4>Continuous Improvement Cycle<\/h4>\n<p style=\"font-size:18px\">We have a bug bounty program open to committed security researchers and offer a public Vulnerability Disclosure Program for reporting any possible vulnerabilities. We also believe in maintaining an open dialogue with our customers about our security practices. 
If you have any questions or concerns about how we manage and protect our customers\u2019 data, we&#8217;re here to answer them. We undergo regular external testing, reviews and audits, pushing ourselves to continuously improve and adapt our security posture in response to the evolving threat landscape, including reacting immediately to discovered vulnerabilities.<\/p>\n<h4>Shared responsibility model<\/h4>\n<p style=\"font-size:18px\">When customers build IT infrastructure with UpCloud, they enter a model where both parties, UpCloud and the customer, have responsibilities for maintaining the security of the services. Customers are responsible for their applications and configuring the services \u2013 but as a cloud infrastructure provider, UpCloud offers high-level security at data centres and server\/storage locations, as well as connectivity and networking solutions like load balancing, SDN, and virtual servers as a service \u2013 and additionally certain managed services such as Backups, Databases and Kubernetes containers.<\/p>\n<\/div><\/div><\/div>\n\n<div class=\"accordion-item\">\n<h3> <button aria-expanded=\"false\" class=\"accordion-trigger\" aria-controls=\"what-is-the-iso-27001-certification-and-cispe-code-of-conduct\" id=\"accordion-what-is-the-iso-27001-certification-and-cispe-code-of-conduct\"> <span class=\"accordion-title\"> What is the ISO 27001 Certification &amp; CISPE Code of Conduct?<span class=\"accordion-icon\"><\/span> <\/span> <\/button><\/h3>\n<div id=\"what-is-the-iso-27001-certification-and-cispe-code-of-conduct\" role=\"region\" aria-labelledby=\"accordion-what-is-the-iso-27001-certification-and-cispe-code-of-conduct\" class=\"accordion-panel\" hidden=\"\">\n<div>\n<p style=\"font-size:18px\">In a landscape rife with cybersecurity threats, the credibility and trustworthiness of your Cloud Service Provider (CSP) are non-negotiable. 
At UpCloud, we make it easier for you by demonstrating our unwavering commitment to data security. Our ISO 27001 certification and CISPE Code of Conduct compliance aren\u2019t just badges &#8211; they\u2019re promises of robust, transparent, and secure cloud infrastructure services.<\/p>\n<h4>ISO 27001: The Gold Standard in Security<\/h4>\n<p style=\"font-size:18px\">As an integral part of our security framework, we&#8217;re proud to be ISO 27001 certified. This international standard not only signifies our dedication to maintaining a high level of information security but also ensures that we adhere to industry-recognized best practices in managing and safeguarding your data.<\/p>\n<h4>Risk Management<\/h4>\n<p style=\"font-size:18px\">Part of our ISO 27001 commitment involves a holistic approach to risk management. We don&#8217;t just focus on technology; we encompass people, processes, and tech in our security endeavours. Human error can be a significant security risk. We invest in regular training for our team, ensuring they&#8217;re always up to date with the latest security protocols and practices.<\/p>\n<h4>Regular Audits<\/h4>\n<p style=\"font-size:18px\">The ISO 27001 standard is not a one-off certification. We are regularly audited by independent third parties to ensure our adherence to ISO 27001 standards and the efficiency of our security controls.<\/p>\n<h4>Beyond ISO 27001<\/h4>\n<p style=\"font-size:18px\">While ISO 27001 remains a core component of our security compliance, we&#8217;re also committed to aligning with other global and regional security standards and regulations, ensuring a comprehensive and multi-faceted approach to security. 
We are aligned with ISO 31000, NIST CSF and CISPE Code of Conduct and our data centres have multiple industry certifications on top of ISO 27001.<\/p>\n<h4>What is the CISPE Code of Conduct?<\/h4>\n<p style=\"font-size:18px\">The Cloud Infrastructure Services Providers in Europe (CISPE) is a non-profit organisation with members that include Amazon Web Services, OVH, Hetzner, Leaseweb, Aruba, and UpCloud. The CISPE Code of Conduct focuses on data protection principles, and adhering to this ensures that your data remains within your control, isn&#8217;t used for anything other than what you&#8217;ve authorized, and remains in the EEA (EU countries, Norway, Liechtenstein, and Iceland), providing an additional layer of protection given the stringent data protection laws in place.<\/p>\n<\/div><\/div><\/div>\n\n<div class=\"accordion-item\">\n<h3> <button aria-expanded=\"false\" class=\"accordion-trigger\" aria-controls=\"why-to-choose-european-cloud-service-provider\" id=\"accordion-why-to-choose-european-cloud-service-provider\"> <span class=\"accordion-title\">Why choose a European cloud service provider?<span class=\"accordion-icon\"><\/span> <\/span> <\/button><\/h3>\n<div id=\"why-to-choose-european-cloud-service-provider\" role=\"region\" aria-labelledby=\"accordion-why-to-choose-european-cloud-service-provider\" class=\"accordion-panel\" hidden=\"\">\n<div>\n<p style=\"font-size:18px\">Choosing a European CSP with ties to a legal framework protecting personal and business data can give you an edge when it comes to security promises to customers. We are committed to complying with applicable data protection and privacy laws and helping customers achieve their compliance objectives in this field. Choosing a European CSP carries unique advantages:<\/p>\n<h4>GDPR and Data Protection Laws<\/h4>\n<p style=\"font-size:18px\">Europe boasts the world&#8217;s most robust data protection regulations, including GDPR and upcoming NIS2, the Data Act and more. 
With UpCloud, customers benefit from a cloud infrastructure provider that is governed by these rigorous laws, ensuring the utmost protection for your data.<\/p>\n<h4>No Data Offshoring<\/h4>\n<p style=\"font-size:18px\">With UpCloud, your data can reside in the country of your choosing and our systems and operations are based in Europe. This means that not only is it protected by European regulations, but it&#8217;s also protected against unauthorised legal requests from other jurisdictions that might want to access your data.<\/p>\n<h4>Data access, retention and cooperation<\/h4>\n<p style=\"font-size:18px\">Customers control their data and server storage location, and determine the retention period \u2013 your data, your rules.<\/p>\n<\/div><\/div><\/div>\n\n<\/div><\/section>\n\n\n\n<p class=\"wp-block-paragraph\">The heart of our promise at UpCloud is the unwavering security of your data. Certifications like ISO 27001 and adherence to the CISPE Code of Conduct demonstrate our commitment to this promise. UpCloud can be a trusted European partner for your cloud infrastructure needs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Headquartered in Helsinki, UpCloud stands at the forefront of the European cloud infrastructure industry, rooted in Finnish traditions of technical and business excellence. 
Every customer [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":57813,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"784,514,730,841,295,364","_relevanssi_noindex_reason":"Blocked by a filter function","footnotes":""},"categories":[4,13],"tags":[],"class_list":["post-370","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcements","category-data-sovereignty"],"acf":[],"_links":{"self":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/posts\/370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/comments?post=370"}],"version-history":[{"count":0,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/posts\/370\/revisions"}],"wp:attachment":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/media?parent=370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/categories?post=370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tags?post=370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}