Certifications
Download certification reports to understand how independent auditors have vetted our processes.
Certification reports
Please visit our Security Reports & Certifications Center for access to our SOC 2 Type II Report, data center-specific certifications (ISO 27001, SOC Reports, PCI-DSS).
DigitalOcean’s SOC 2 Type II and SOC 3 Type II
DigitalOcean is AICPA SOC 2 Type II and SOC 3 Type II certified. By achieving compliance with this globally recognized information security controls framework, audited by our independent auditor (Schellman & Company LLC), DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information.
To view our SOC 3 Type II report, please click here: DigitalOcean SOC 3 Type II Report
Colocated Data Centers’ ISO 14001 and ISO 50001
Several of DigitalOcean’s colocated data centers have obtained ISO 14001 and ISO 50001 certifications. These certifications demonstrate their efforts of establishing, integrating, and improving environmental management systems and energy management.
DigitalOcean’s CSA Self-Assessment
Additionally, DigitalOcean has achieved Cloud Security Alliance (CSA) STAR Level 1 which addresses fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a cloud service.
Please review our CSA self-assessment.
DigitalOcean’s APEC CBPR PRP Certification
DigitalOcean maintains compliance with rigorous privacy and data protection standards, as evidenced by our APEC CBPR PRP (Asia-Pacific Economic Cooperation Cross-Border Privacy Rules Privacy Recognition for Processors) certification. This certification demonstrates our commitment to prioritizing security and confidentiality in data processing operations in order to develop and maintain trust with our customers.
Please review our Certification.
Certifications & The Shared Responsibility Model
DigitalOcean has a Shared Responsibility Model with our customers and as such, the certifications on this page cover different aspects of DigitalOcean’s service which are detailed below:
- DigitalOcean SOC 2 Type II - Controls that address the 2017 Trust Services Criteria for Security, Availability, Processing, Integrity, Confidentiality, and Privacy of DigitalOcean’s products and services
- Data Center Certifications - Reports received from the collocated data centers that detail the physical and asset security of DigitalOcean’s infrastructure. All of our collocated data centers are independently audited, and many are certified by internationally recognized attestation and certification compliance standards.
| Data center | SOC 1 Type II | SOC 2 Type II | SOC 3 Type II | ISO 14001 | ISO/IEC 27001:2013 | ISO 50001 | PCI-DSS |
|---|---|---|---|---|---|---|---|
| NYC1 | Available | Available | Available | Available | Available | Available | |
| NYC2 | Available | Available | Available | Available | Available | Available | |
| NYC3 | Available | Available | Available | Available | Available | ||
| LON1 | Available | Available | Available | Available | Available | Available | |
| AMS2 | Available | Available | Available | Available | Available | Available | |
| AMS3 | Available | Available | Available | Available | Available | Available | |
| SFO1 | Available | Available | Available | Available | |||
| SFO2 | Available | Available | Available | ||||
| SFO3 | Available | Available | Available | Available | |||
| SGP1 | Available | Available | Available | Available | Available | Available | |
| FRA1 | Available | Available | Available | Available | Available | Available | |
| TOR1 | Available | Available | Available | Available | |||
| BLR1 | Available | Available | Available | ||||
| SYD1 | Available | Available | Available | Available | Available | Available |
If you have other compliance-related questions, please reach out to privacy@digitalocean.com.