EDBB Security Posture at a Glance

Security is baked into the way EDBB designs, operates, and audits its VPS platform. We partner with Tier III+ facilities, enforce strong operational controls, and publish status updates openly so customers know where their workloads stand.
  • Core certifications: PCI DSS attestation for card data handling, ISO 27001-certified facilities, SOC 2-ready control environment.
  • Privacy-first: GDPR compliance, privacy impact assessments, and EU-hosted support tooling.
  • Global infrastructure: Equinix and Interxion/Digital Realty provide resilient power, connectivity, and physical security.

Compliance & Framework Mapping

Formal Certifications

  • PCI DSS – scoped for billing touchpoints
  • ISO 27001 – via our primary data center partners
  • SOC 1 & SOC 2 Type II – available through Interxion and Equinix

Framework Alignment

  • NIST Cybersecurity Framework
  • CIS Critical Security Controls
  • ISO/IEC 27002 & 27018 controls
  • Cloud Security Alliance CCM
  • OWASP Top 10 secure development practices

Need a signed attestation or detailed control mapping? Email compliance@edbb.com with your questionnaire and the intended use case.

Operational Security Layers

  • Continuous monitoring – Real-time metrics, IDS/IPS feeds, and anomaly alerts watched by our on-call engineers.
  • Patch cadence – Critical fixes deploy within vendor SLAs; monthly maintenance windows capture the remainder.
  • Change control – Peer-reviewed changes, automatic rollbacks, and release notes published to the status page.
  • 24/7 incident response – A documented runbook plus cross-functional escalation paths keep response times low.

Safeguarding the Organisation

  1. Security awareness – Mandatory onboarding and refresher courses covering phishing, data handling, and privacy.
  2. Scoped access – Fine-grained IAM with short-lived credentials; production access is logged and reviewed.
  3. Tabletop exercises – Quarterly simulations validate our incident response, ransomware playbooks, and disaster recovery.
  4. Vendor diligence – Third parties undergo risk reviews, contractual safeguards, and periodic reassessment.
  5. Internal & external audits – Compliance checkpoints every six months, supplemented by penetration testing.

Trust & Transparency

  • Network footprint: EDBB operates AS57169 with allocations at RIPE NCC and ARIN.
  • Service history: Uptime reports, maintenance notes, and postmortems live at status.edbb.com.
  • Security desk: Report abuse or suspicious activity to abuse@edbb.com; urgent matters receive priority handling.
  • Review cycle: This page is updated at least twice per year, or sooner if our certification landscape changes.

Data Center Partners & Example Site

EDBB capacity spans multiple European and international metros. Facility-level controls include biometric access, CCTV, dual power feeds, and on-site security.

Frankfurt: Equinix FR5

Detail | Information
Address | Kleyerstraße 90, 60326 Frankfurt am Main, Germany
Highlights | ISO 22301, ISO 27001, ISO 50001, ISO 9001, PCI DSS, SOC 1 & SOC 2 Type II, Climate Neutral Data Centre Pact
Learn more | Equinix certifications

Customers can cross-reference other metro sites directly with the provider:

Questionnaires & Documentation Access

We keep this page current so most due diligence can be completed without a custom NDA. If your procurement flow requires tailored responses, send the form to compliance@edbb.com and include:
  • Target customer name and region
  • Intended workload or regulatory driver
  • Deadlines for submission

Code of Ethics & Responsible Operations

  • Sustainability – Preference for carbon-neutral data centers, energy-efficient hardware, and responsible e-waste disposal.
  • Customer-first decisions – Conflicts of interest are escalated and documented; we avoid lock-in tactics.
  • Human rights – Inclusive hiring, fair compensation, and safe workplaces across our supply chain.
  • Environmental & social governance – Participation in community initiatives and transparent reporting on ESG metrics.
  • Data stewardship – Encryption in transit and at rest, GDPR-aligned processing, and privacy-by-design principles.
  • Business continuity – Regular backup testing, multi-region failover capability, and rehearsed recovery drills.
  • Speak-up culture – Confidential channels allow staff, partners, and customers to flag concerns without retaliation.