
# Security, Compliance & Certifications

> Security and compliance overview for EDIS Global VPS, covering PCI DSS, GDPR, ISO 27001 certified data centers, NIST CSF alignment, and uptime reporting.

## 🔒 Security, compliance & certifications

At **EDIS Global**, security, compliance, and reliability come first. Our VPS infrastructure is built on world-class **Equinix** and **Interxion/Digital Realty** facilities certified against **ISO 27001, PCI DSS, and SOC 2**, and aligned with frameworks like **NIST CSF and CIS Controls**. Combined with our experienced security team and transparent incident reporting, this ensures a **secure, standards-aligned, and trusted platform** for businesses worldwide.

***

## 🛡️ Compliance Standards

* **PCI DSS** – We process payment card data securely and in compliance with PCI DSS requirements.
* **GDPR** – We strictly follow the General Data Protection Regulation to protect the personal data of individuals in the European Union.

***

## 🌐 Alignment with additional standards & frameworks

By applying security best practices across our operations, **EDIS Global aligns its processes with the control objectives of several international standards and frameworks**. While we are not formally certified against these frameworks, our practices ensure a strong baseline of compliance and security:

* **ISO/IEC 27002** – Code of practice for information security controls.
* **ISO/IEC 27018** – Protection of personal data in cloud environments.
* **NIST Cybersecurity Framework (CSF)** – Identify, Protect, Detect, Respond, Recover.
* **CIS Critical Security Controls** – Prioritized best practices for cyber defense.
* **OWASP Top 10** – Guidance for secure web application development.
* **Cloud Security Alliance (CSA) Cloud Controls Matrix** – Cloud industry controls, mapped to multiple standards.
* **ENISA Guidelines (EU)** – Recommendations for information and network security.

***

## 🛠 Security Practices

* **Regular security audits & vulnerability assessments** – Ensuring weaknesses are identified and resolved quickly.
* **Intrusion Detection Systems (IDS)** – Monitoring our infrastructure for signs of malicious activity.
* **Patch Management** – EDIS Global applies regular security updates for operating systems and applications to mitigate vulnerabilities.
* **Advanced monitoring & 24/7 support** – Continuous monitoring for security events and a responsive support team for security-related issues.

***

## 👩‍💻 Organizational Measures

1. **Employee Training** – Staff are regularly trained on data security best practices, such as identifying phishing attempts, using strong passwords, and handling sensitive data properly.
2. **Access Management** – We apply the principle of least privilege, granting employees only the access they need to perform their roles.
3. **Incident Response Plan** – Our incident response plan is tested regularly to ensure rapid, effective handling of potential security breaches.
4. **Third-Party Risk Management** – We evaluate the compliance and security practices of any third-party vendors or partners with access to sensitive data.
5. **Regular Audits** – Both internal and external audits are conducted to identify and address potential compliance gaps or vulnerabilities.

***

## 🔎 Transparency & Verification

* **Network Authority**: EDIS Global operates under **AS57169** and maintains its own IP allocations with [RIPE NCC](https://www.ripe.net/membership/indices/data/at.edis.html) and [ARIN](https://search.arin.net/rdap/?query=EGL-51).
* **Incident Transparency**: Service status and past incidents are published at [status.edis.global](http://status.edis.global).
* **Abuse & Security Contact**: Please report any abuse or security concerns to [abuse@edisglobal.com](mailto:abuse@edisglobal.com).
* **Audit Timeline**: This page and its contents are reviewed every 6 months. Last update: September 21, 2025.

***

## 🏢 Certified data centers

EDIS Global VPS infrastructure runs in Tier III+ certified data centers such as **Equinix** and **Interxion** (Digital Realty). We publish names and addresses of the data centers we host with on every location page of our website (see the *Looking Glass* section, e.g. [Frankfurt VPS Hosting](https://www.edisglobal.com/vps-hosting/germany-frankfurt#looking-glass)). Customers may verify certification details directly on the websites of the respective data center providers.

**Example: Equinix FR5 (Frankfurt, Germany)**

**Address**: Kleyerstraße 90, 60326 Frankfurt am Main, Germany

**Certifications**:

* Climate Neutral Data Centre Pact
* Cyber Essentials
* EU Code of Conduct
* ISO 14001
* ISO 22301
* ISO 27001
* ISO 45001
* ISO 50001
* ISO 9001
* PCI DSS
* SOC 1 Type II
* SOC 2 Type II

* 🔗 [Equinix Certifications](https://www.equinix.com/data-centers/design/standards-compliance)
* 🔗 [Interxion/Digital Realty Certifications](https://www.digitalrealty.com/data-centers/design/certifications-compliance)

***

## 📑 Questionnaires & ISO 27001

Instead of filling out external questionnaires, we maintain this public compliance page to ensure clients always have the latest verified information.

***

## 🌍 Code of ethics & conduct

1. **Sustainable Practices** – Commitment to responsible, green, and sustainable digital infrastructure.
2. **Compliance** – Adherence to GDPR, IT security, and corporate governance requirements.
3. **Conflict of Interest** – Always acting in the best interest of our customers.
4. **Human Rights & Fair Labor** – Respect for international human rights and fair working conditions.
5. **Environmental Protection** – Use of energy-efficient server technologies and eco-friendly hosting.
6. **Health & Safety** – Safe work environments and regular security awareness training.
7. **Supply Chain Responsibility** – Working only with transparent and responsible partners.
8. **Data Protection** – GDPR-compliant processing and advanced encryption.
9. **Technical Compliance** – Conformance with product and IT security standards.
10. **Business Continuity** – Comprehensive risk management and tested contingency plans.
11. **Code Enforcement** – Mandatory adherence for all staff and partners.
12. **Reporting Mechanisms** – Secure channels for reporting and investigating violations.
