Security & Compliance

Octos Cloud infrastructure is designed with security at every layer — from physical data center access to software-defined isolation. All data stays within Indian borders.

Data residency

All Octos Cloud data centers are located in India. Your data never leaves Indian jurisdiction, ensuring compliance with:

Reserve Bank of India (RBI) data localization guidelines
SEBI regulations for financial services
MEITY government data residency requirements
DPDP Act (Digital Personal Data Protection) requirements

Infrastructure certifications

Certification	Status
ISO 27001	Information Security Management
SOC 2 Type II	Security, Availability, Confidentiality
PCI DSS	Payment Card Industry Data Security
HIPAA	Health Information Privacy (on request)

Contact sales for detailed audit reports and compliance documentation.

Physical security

Octos Cloud operates from Tier-III+ certified data centers with:

24/7 manned security and CCTV surveillance
Biometric access controls
Redundant power systems with N+1 UPS
Fire suppression systems
Seismic-resistant construction

Network security

Control	Implementation
DDoS mitigation	Always-on, automated L3/L4 protection
Firewall	Security groups with stateful packet inspection
Isolation	Per-tenant network segmentation
Private networking	Fully isolated L2/L3 networks

Encryption

Layer	Standard
At rest	AES-256 encryption for all block storage
In transit	TLS 1.3 for all management plane traffic
Key management	Hardware Security Modules (HSM)

Access controls

Role-based access control (RBAC) — Assign granular permissions to team members
Two-factor authentication (2FA) — Email-based OTP on every login
API tokens — Scoped personal access tokens with configurable expiry
Activity logs — Full audit trail of all portal actions
Login history — IP address and timestamp tracking

Shared responsibility model

Responsibility	Octos Cloud	Customer
Physical infrastructure	✓
Hypervisor security	✓
Network infrastructure	✓
OS patching (on managed services)	✓
Security group configuration		✓
OS patching (on VMs)		✓
Application security		✓
Data backup strategy		✓
Access key management		✓

Data residency​

Infrastructure certifications​

Physical security​

Network security​

Encryption​

Access controls​

Shared responsibility model​

Next steps​