Compliance
The frameworks we maintain — and what we'll send you for procurement.
Reports and certificates are available under NDA from trust@vintonyhost.com. Most requests are answered within two business days.
SOC 2 Type II
Annual audit covering security, availability, processing integrity, confidentiality, and privacy. Report available under NDA within two business days.
ISO 27001:2022
Information security management system certified by an accredited registrar. Scope covers all Vintony-operated regions and the underlying control plane.
GDPR
EU data residency in Frankfurt, Amsterdam, Helsinki. Standard Contractual Clauses for cross-border transfers. DPA available; data processing inventory maintained.
PCI DSS Level 1
We are PCI DSS Level 1 compliant as a service provider. Workloads handling cardholder data inherit our infrastructure controls; an AOC is available on request.
HIPAA-ready
Workload isolation, encryption-at-rest, encryption-in-transit, immutable audit log, and a Business Associate Agreement (BAA) tailored to your covered-entity scope.
UK + EU public sector
Crown Commercial Service G-Cloud registration in progress. Cyber Essentials Plus certificate available now. ENISA EUCS evaluation tracked but not yet awarded.
Vendor security questionnaires
We pre-fill the SIG, CAIQ, and most industry-standard questionnaires. Send yours to trust@vintonyhost.com and we'll return it under NDA, typically within two business days.