Compliance
Securosys CloudHSM is powered by physical Hardware Security Modules (HSMs), specifically the Primus HSM. This page describes the certifications that the CloudHSM and Primus HSM have earned.
Primus HSM Certifications
Primus HSM has earned the following certifications:
- Common Criteria EAL4+ (CC)
- FIPS 140-2 Level 3
Choosing a CloudHSM Service
For full compliance, the Primus HSM needs to be operated with a certified firmware version. This is why CloudHSM provides the ECO CC service package. This service package runs a Common Criteria-certified firmware version.
The other service packages (such as SBX or ECO) run a normal firmware release. This means that even though the underlying hardware has undergone FIPS/CC certification, the software is not certified.
There is currently no CloudHSM service package for FIPS. If you are interested in this, please contact us.
In the Platinum and HOS packages, the HSMs can be deployed in a certified setup upon request.
CloudHSM Operation
Additionally, Securosys as a company has earned the following certifications:
ISO/IEC 27001:2022
This certification reflects the high standards upheld by the team responsible for managing and securing the service, particularly in protecting sensitive information, risk management, and security controls.
All data centers hosting CloudHSM instances worldwide are also ISO/IEC 27001 certified and meet or exceed Tier 3 standards, ensuring robust physical security and infrastructure resilience.
ISO 9001:2015
This certification demonstrates Securosys' commitment to high standards of quality management across its operations. It ensures that every aspect of the service, from design to delivery, follows a systematic and reliable process that prioritizes customer satisfaction and continuous improvement.