Compliance with international safety standards
PCI DSS
The payment card industry data security standard. This protocol establishes requirements for organizations that store, process, and transfer data from Visa, Mastercard, American Express, JCB, Discover, and others. Every company that works with such data is required to undergo certification. Our Cloud has passed the annual QSA audit and confirmed its compliance with the standard.
This not only means that we can work with payment data, but also confirms the high level of security of our infrastructure in general.
More about PCI DSS certification →
ISO 27001
An information security standard developed by the International Organization for Standardization and the International Electrotechnical Commission.
Establishes requirements for information security management. Companies that have passed the ISO 27001 certification confirm that they work with data in the most competent way and all their information assets are under reliable protection.
The main principles of the standard are confidentiality, integrity, and availability of information. The certified company must confirm that the data will be stored safely, and only those who have the right to do so will be able to access it.
To ensure that these conditions are met, our company has created and implemented an information security management system. We passed all stages of an independent audit and confirmed the compliance of our system within the requirements of the standard.
GDPR
The General Data Protection Regulation is an EU regulation that controls the collection, storage, and processing of personal data (PD) of all EU residents.
The regulations contain many different requirements for PD processing. One of them is secure data storage.
Any organization that works with European data (even if the company is not physically located in the EU) is subject to the regulation.
We strictly monitor the legality, fairness, and transparency of administering personal data, and we can guarantee the protection of data from loss, unauthorized access, destruction, use, modification, or disclosure.
Gcore complies with all GDPR requirements, both with respect to personal data stored by our customers and with respect to customer data.
Personal data processing policy →
How we protect data during storage and delivery
Protection from unauthorized access and data theft
Tools for security analysis and vulnerability search
Trusted computing
Securing your virtualization environment
Cryptographic information protection to encrypt databases, disks, and files, as well as to protect communication channels
Intrusion detection tools (IDS)
Protection from unauthorized access
Firewalling
Reliable data storage
Antivirus protection
Certified operating systems
Backing up and restoring data
Content protection during delivery via our network
Proprietary and shared SSL certificates
CORS headers
Tokenization and Signed URLs
Source validation with SSL
Forcible redirect to HTTPS
AES 128/256 encryption and DRM for secure video content delivery
Safe access to the control panel
Two-factor authentication
Access to the panel via API using tokens
