Security & Compliance

Compliance Certifications

OMC Cloud holds independent third-party certifications across data security, cloud-specific controls, and operational practices.

Physical Security

All OMC Cloud data centers are operated in carrier-grade facilities with multi-layer physical access controls:

• 24/7 on-site security with continuous monitoring and incident response
• Multi-factor access controls — biometric authentication, keycard, and PIN
• CCTV surveillance with 90-day footage retention
• Mantraps and visitor escort for all non-staff entries
• Redundant power with N+1 UPS, diesel generators, and dual utility feeds
• Environmental controls — fire detection, suppression, climate monitoring
• Tier 3+ facilities across all 24 global data center locations

Network Security

• Network-level DDoS protection included on all servers — mitigates volumetric, protocol, and application-layer attacks automatically
• Web Application Firewall (WAF) available, protecting against OWASP Top 10
• Private cloud networking (VPC) for isolated inter-server communication
• TLS 1.2+ enforced on all management endpoints and the API
• Network segmentation between customer environments at the hypervisor level
• Continuous vulnerability scanning of public-facing infrastructure
• Geographic redundancy across 24 data centers in 4 continents

Data Protection

• Encryption in transit — TLS 1.2+ for all API and management traffic
• Encryption at rest available for backup and object storage
• Automated daily backups with 14 restore points
• Geo-redundant backup storage across multiple data centers
• Disaster recovery with managed failover and 99.9% uptime SLA
• Customer data isolation at the hypervisor and storage layer
• Secure data deletion on server termination per ISO 27001 requirements

Operational Security

• 24/7 NOC and SOC with human monitoring and incident response
• Background-checked staff with role-based access control
• Principle of least privilege enforced across all internal systems
• Security awareness training for all employees
• Incident response plan tested annually
• Change management with peer review on all production changes
• Annual penetration testing by independent third parties

GDPR & Privacy

OMC Cloud is fully compliant with the EU General Data Protection Regulation (GDPR):

• Data Processing Agreement (DPA) available on request for customers processing personal data
• EU data centers available for data residency requirements (Frankfurt, Amsterdam, London, Madrid, Milan, Stockholm)
• Right to erasure — customers can delete their data via the API or dashboard at any time
• Data subject access requests processed within 30 days
• Breach notification within 72 hours of discovery
• Sub-processor list available on request

Need a signed DPA or want to discuss specific compliance requirements? Contact our compliance team.

Responsible Disclosure

Found a security issue in OMC Cloud? We appreciate responsible disclosure from security researchers.

Please report security vulnerabilities to: [email protected]

Please give us reasonable time to address the issue before public disclosure. We don't currently run a formal bug bounty program but recognize and credit researchers who report verified vulnerabilities.

Need our certificates or DPA?

Compliance certificates, audit reports, and the Data Processing Agreement are available to current and prospective customers on request.