# Certification & Compliance

Ellipsis Drive leverages Google Cloud infrastructure for storing and hosting data. As such, we rely on [<mark style="color:blue;">Google Cloud Compliance & Regulations resources</mark>](https://cloud.google.com/security/compliance) to make sure data hosted in Ellipsis Drive is protected according to the strict certifications and compliance standards of the [<mark style="color:blue;">EMEA region</mark>](https://cloud.google.com/security/compliance/offerings#/regions=EMEA).&#x20;

Our compliance standards include (but are not limited to):&#x20;

* ISO 27001: 2024
* General Data Protection Regulation (GDPR)
* Cloud Computing Compliance Criteria Catalog (C5:2020)&#x20;
* EU Cloud Code of Conduct&#x20;
* EU Standard Contractual Clauses &#x20;
* ISAE 2000 Type 2 Report (FINMA)&#x20;
* NCSC - Cyber Essentials&#x20;
* NCSC - Cloud Security
* Algemene Verordening Gegevensbescherming (AVG)

Our Cloud Armor includes:

* Enterprise-grade DDoS protection and WAF&#x20;
* Detection and mitigation of attacks against Cloud Load Balancing workloads
* Adaptive Protection with ML-based mechanisms to help detect and block Layer 7 DDoS attacks&#x20;
* Mitigation of OWASP Top 10 risks&#x20;
* Bot management to stop fraud at the edge through native integration with reCAPTCHA Enterprise