Data residency
Customer systems can be configured so production data, backups and operational data remain in EU/EEA cloud regions.
Security & Compliance
European-hosted systems backed by documented cloud security evidence.
ALMA hosted software environments can be configured to keep customer data within EU/EEA cloud regions. This page explains the cloud security, privacy and service assurance evidence supporting our hosted deployments.
Cloud assurance overview
Security is designed into the hosting environment.
Our hosted deployments use European cloud regions, encrypted connections, controlled access and documented provider assurance evidence.
ISO 27001
Information security management
ISO 27017
Cloud security controls
ISO 27018
Personal data protection in cloud
SOC 2
Security, availability and confidentiality
Europe-first hosting
Production environments can be hosted in EU/EEA cloud regions.
Encrypted access
Hosted systems use SSL/TLS-secured connections.
Documented evidence
Provider certificates and attestations are available for review.
Responsible disclosure
Restricted reports are shared on request where permitted.
Our approach
Clear security claims, supported by evidence.
We aim to explain security in practical terms: where data is hosted, how access is protected, and which independent documents support the cloud platform used for hosted ALMA systems.
Platform assurance
The underlying cloud platform is supported by ISO and SOC assurance evidence covering security, cloud controls, privacy and service management.
Practical safeguards
Hosted deployments are designed around secure access, encryption, backups, monitoring and controlled operational procedures.
Evidence library
Available security and compliance documents.
The documents below relate to the cloud provider and datacenter ecosystem used to support hosted environments. Some reports are restricted and can only be shared where permitted.
ISO/IEC 27001:2022
ISO/IEC 27001:2022 certification for the information security management system supporting the Vultr platform system.
Valid until 14 May 2027 Open PDFISO/IEC 27017:2015
Cloud security attestation for controls applicable to cloud service provision and use.
Valid until 14 May 2027 Open PDFISO/IEC 27018:2019
Cloud privacy attestation supporting the protection of personally identifiable information in cloud environments.
Valid until 14 May 2027 Open PDFISO/IEC 20000-1:2018
Service management certification covering delivery and management of cloud hosting services.
Valid until 14 May 2027 Open PDFDORA Customer Trust Statement
Customer trust statement describing alignment with DORA-style operational resilience, governance, incident management and third-party risk practices.
Customer trust statement dated July 2025 Open PDFPCI DSS AOC
PCI DSS attestation for Digital Realty colocation services. This is supporting evidence for the physical environment, not ALMA payment processing.
Assessment/report dated 2026 Open PDFSOC 2 Type II
SOC 2 Type II assurance covering the Vultr platform system controls for security, availability and confidentiality. Shared on request where permitted.
Restricted-use report; available on request Request access
Evidence scope
The documents in this library relate to the cloud platform, datacenter services and provider controls used to support hosted ALMA deployments. ALMA uses this assurance evidence as part of its hosting architecture, access controls, backup approach and operational setup. For a specific deployment, we can confirm which controls, hosting region and responsibilities apply.
Shared responsibility
Cloud security works best when responsibilities are clear.
The cloud provider secures the underlying platform and datacenter environment. ALMA is responsible for the hosted application setup, access controls, configuration and support processes for customer deployments.
Cloud provider
Platform, datacenter, infrastructure controls, availability and provider-level security assurance.
ALMA
Application configuration, user access setup, support procedures, backups, monitoring and customer guidance.
Customer
User management decisions, internal access policies, password discipline and lawful use of the software.
Need more detail?
Speak with ALMA about hosted security, GDPR and data residency.
We can explain where your system will be hosted, how access is controlled, what evidence is available and which responsibilities apply to your organization.