Certification Reports and Resources
Certification reports
DigitalOcean's SOC 2 Type II and SOC 3 Type II
DigitalOcean is AICPA SOC 2 Type II and SOC 3 Type II certified. By achieving compliance with this globally recognized information security controls framework, audited by our independent auditor (Schellman & Company LLC), DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information.
DigitalOcean's APEC CBPR PRP Certification
DigitalOcean maintains compliance with rigorous privacy and data protection standards, as evidenced by our APEC CBPR PRP (Asia-Pacific Economic Cooperation Cross-Border Privacy Rules Privacy Recognition for Processors) certification. This certification demonstrates our commitment to prioritizing security and confidentiality in data processing operations in order to develop and maintain trust with our customers.
CIS Benchmarks
Through our CIS Foundations and CIS Services Benchmarks, we empower our customers with actionable resources to better secure their infrastructure. And, because CIS Benchmarks are aligned to various security frameworks by design, customers can reference our Benchmarks as a resource for their respective compliance programs.
DigitalOcean's CSA Self-Assessment
Additionally, DigitalOcean has achieved Cloud Security Alliance (CSA) STAR Level 1 which addresses fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a cloud service.
Data Center Certifications
Reports received from the collocated data centers that detail the physical and asset security of DigitalOcean's infrastructure. All of the collocated data centers are independently audited, and many are certified by internationally recognized attestation and certification compliance standards.
| ISO 901 | ISO 14001 | ISO 223001 | ISO 27001 | ISO 45001 | ISO 50001 | PCI-DSS | SOC 1 Type II | SOC 2 Type II | |
|---|---|---|---|---|---|---|---|---|---|
| AMS2 | |||||||||
| AMS3 | |||||||||
| ATL1 | |||||||||
| BLR1 | |||||||||
| FRA1 | |||||||||
| LON1 | |||||||||
| NYC1 | |||||||||
| NYC2 | |||||||||
| NYC3 | |||||||||
| SFO1 | |||||||||
| SFO2 | |||||||||
| SFO3 | |||||||||
| SGP1 | |||||||||
| SYD1 | |||||||||
| TOR1 |
AMS2
AMS3
ATL1
BLR1
FRA1
LON1
NYC1
NYC2
NYC3
SFO1
SFO2
SFO3
SGP1
SYD1
TOR1
If you have other compliance-related questions, please reach out to trust@digitalocean.com.
Transparency Report
Like all cloud computing companies, we occasionally receive requests from government agencies regarding one of the servers in our network. To protect our customers, our policy is to fully (and transparently) comply with legal process, provided that it is legally valid with respect to where the data in question resides.
We stand with our customers when governments ask us for data. We don't disclose user content to law enforcement without proper legal process and we inform users about government data requests unless legally prevented. Our transparency reports outline the requests we receive from law enforcement agencies and explain our commitment to being responsible cloud providers
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.