Customers can deploy on DigitalOcean with trust in the organization’s risk management, security controls, operational resilience, incident management and reporting, and outsourcing and third party risk management.
The European Union's (“EU”) Digital Operational Resilience Act (DORA) is a regulation designed to strengthen the security and operational resilience of the financial services industry (FSI). The Act applies to FSI organizations (e.g., banks, insurance providers, and investment firms) as well as certain critical Information and Communications Technologies (ICT) providers that support those institutions. DORA aims to ensure that financial organizations maintain robust operational capabilities and can effectively withstand, respond to, and recover from disruptions, including cyber-attacks and significant IT outages.
The Company provides security, operational resilience, and risk management features intended to support customers with their internal DORA compliance and assessment efforts. The information in this section describes certain capabilities, tools, and resources available through the Company’s services and is provided for informational purposes only. These features do not constitute a representation or guarantee of DORA compliance.
We document applicable incident response policies and procedures. Procedures include documenting, identifying, mitigating, and remediating security incidents
Customers are responsible for evaluating whether the services they deploy are configured, monitored, and governed in a manner appropriate for their compliance obligations. Customers may access additional information and supporting documentation provided by DigitalOcean as indicated below to assist in their further evaluation of the following areas.
DigitalOcean’s colocated data center providers manage facility physical security. Information concerning each providers’ certifications can be found here.
DigitalOcean’s service level agreements (SLAs) of our products and services can be accessed on the DigitalOcean SLA page.
Customers may perform penetration testing on DigitalOcean services they deploy on the platform, provided such activities are conducted in accordance with platform guidelines and other service restrictions, and do not negatively affect other customers, shared infrastructure, or service availability (see our Acceptable Use Policy for more information on service restrictions).
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
