🔒 Security, Compliance & Certifications
At EDIS Global, security, compliance, and reliability are at the heart of everything we do. While we are not ISO 27001 certified as a company, our infrastructure is hosted in world-class data centers that maintain a wide range of internationally recognized certifications.
🛡️ Compliance Standards
- PCI DSS – We process payment card data securely and in compliance with PCI DSS requirements.
- GDPR – We strictly follow the General Data Protection Regulation to protect the personal data of individuals in the European Union.
🌐 Alignment with Additional Standards & Frameworks
By applying security best practices across our operations, EDIS Global aligns its processes with the control objectives of several international standards and frameworks. While we are not formally certified against these frameworks, our practices ensure a strong baseline of compliance and security:
- ISO/IEC 27002 – Code of practice for information security controls.
- ISO/IEC 27018 – Protection of personal data in cloud environments.
- NIST Cybersecurity Framework (CSF) – Identify, Protect, Detect, Respond, Recover.
- CIS Critical Security Controls – Prioritized best practices for cyber defense.
- OWASP Top 10 – Guidance for secure web application development.
- Cloud Security Alliance (CSA) Cloud Controls Matrix – Cloud industry controls, mapped to multiple standards.
- ENISA Guidelines (EU) – Recommendations for information and network security.
🛠 Security Practices
- Regular security audits & vulnerability assessments – Ensuring weaknesses are identified and resolved quickly.
- Intrusion Detection Systems (IDS) – Monitoring our infrastructure for signs of malicious activity.
- Patch Management – EDIS Global applies regular security updates for operating systems and applications to mitigate vulnerabilities.
- Advanced monitoring & 24/7 support – Continuous monitoring for security events and a responsive support team for security-related issues.
👩‍💻 Organizational Measures
- Employee Training – Staff are regularly trained on data security best practices, such as identifying phishing attempts, using strong passwords, and handling sensitive data properly.
- Access Management – We apply the principle of least privilege, granting employees only the access they need to perform their roles.
- Incident Response Plan – Our incident response plan is tested regularly to ensure rapid, effective handling of potential security breaches.
- Third-Party Risk Management – We evaluate the compliance and security practices of any third-party vendors or partners with access to sensitive data.
- Regular Audits – Both internal and external audits are conducted to identify and address potential compliance gaps or vulnerabilities.
🏢 Certified Data Centers
EDIS Global publishes the names and addresses of the data centers we host with on every location page of our website (see the Looking Glass section, e.g. Frankfurt VPS Hosting). Customers may verify certification details directly on the websites of the respective data center providers. The majority of our infrastructure is operated in Equinix and Interxion (Digital Realty).
Example: Equinix FR5 (Frankfurt, Germany)
Address: Kleyerstraße 90, 60326 Frankfurt am Main, Germany
Certifications:
- Climate Neutral Data Centre Pact
- Cyber Essentials
- EU Code of Conduct
- ISO 14001
- ISO 22301
- ISO 27001
- ISO 45001
- ISO 50001
- ISO 9001
- PCI DSS
- SOC 1 Type II
- SOC 2 Type II
📑 Questionnaires & ISO 27001
We are often asked if we can complete questionnaires as part of a client’s ISO 27001 certification process.
➡️ To be transparent: EDIS Global does not fill out external questionnaires or forms. Instead, we provide this documentation and direct clients to the official certification resources of our data center partners.
🌍 Code of Ethics & Conduct
- Sustainable Practices – Commitment to responsible, green, and sustainable digital infrastructure.
- Compliance – Adherence to GDPR, IT security, and corporate governance requirements.
- Conflict of Interest – Always acting in the best interest of our customers.
- Human Rights & Fair Labor – Respect for international human rights and fair working conditions.
- Environmental Protection – Use of energy-efficient server technologies and eco-friendly hosting.
- Health & Safety – Safe work environments and regular security awareness training.
- Supply Chain Responsibility – Working only with transparent and responsible partners.
- Data Protection – GDPR-compliant processing and advanced encryption.
- Technical Compliance – Conformance with product and IT security standards.
- Business Continuity – Comprehensive risk management and tested contingency plans.
- Code Enforcement – Mandatory adherence for all staff and partners.
- Reporting Mechanisms – Secure channels for reporting and investigating violations.