Privacy and Compliance

Certifications

Certification Region Details
PCI DSS v4 nz-hlz-1 (physical security) Available upon request
PCI DSS v4 nz-por-1 & nz_wlg_2 (physical security) Certificate below
ISO 27001:2013 nz-hlz-1 (physical security) Available upon request
ISO 27001:2022 Catalyst Cloud Ltd, including all regions Certificate below
ISO 27017:2015 Catalyst Cloud Ltd, including all regions Certificate below

For PCI DSS, Catalyst Cloud is responsible for the physical security of the servers, relevant Attestations of Compliance (AOC) are available upon request.

PCI Certificate of Compliance

Catalyst Cloud Ltd - ISO 27001 - IS 745798.pdf

Catalyst Cloud Ltd - ISO 27017 - CLOUD 745805.pdf

Catalyst Cloud Ltd - ISO 27001 - Statement of Applicability (covering both ISO 27001 and ISO 27017) is available upon request.

New Zealand Government

Catalyst Cloud is the first cloud provider to address NZ Government requirements for cloud security. Catalyst Cloud also has a Cloud Framework Agreement in place with the Crown, more information is available on our Public Sector page.

The Government Chief Digital Officer (GCDO) provides guidance to New Zealand Government agencies on how to assess the information security and privacy risks of cloud computing. Catalyst Cloud has published a spreadsheet that provides answers included in the current Cloud Risk Discovery Tool (the 95 Questions). If you need to fill out the Cloud Risk Discovery Tool, you can use our answers as required.

GCDO Cloud Risk Assessment Tool v2

We have previous version of this available as well, the 105 Questions, as published by the Government Chief Information Officer (GCIO).

Cloud Risk Assessment Tool

Cloud Code of Practice

The CloudCode was developed by the New Zealand Cloud Computing industry, facilitated by the Institute of IT Professionals NZ and ensures that:

  1. Service providers will not call a service "Cloud Computing" unless it really is; and
  2. Service providers will disclose important details about their Cloud products and services, enabling customers to make informed decisions about the use of the services.

Catalyst is a signatory of the CloudCode and discloses information about Catalyst Cloud as required.

CloudCode Disclosure Statement

DDoS Mitigation

Catalyst Cloud provides Distributed Denial of Service (DDoS) protection to all our customers as part of our Ingress Protection service. The following paper describes some of the controls in place to mitigate the risk of DDoS attacks and provide additional information on what you can do to further protect your cloud applications.

DDoS Mitigation