SOC 2

SOC 2 Type II is a reporting framework developed by the American Institute of Certified Public Accountants (AICPA) under the SSAE 18 standard. It evaluates how a service organization’s controls align with the Trust Services Criteria, which include security, availability and confidentiality.

Access the report

Nebius undergoes regular independent SOC 2 Type II audits covering its products, systems and infrastructure.

These audits are conducted by an accredited third-party firm that evaluates the design and operational effectiveness of our controls over a defined audit period. The resulting SOC 2 Type II report provides an independent attestation of the controls Nebius has implemented to protect customer data.

Customers can use the SOC 2 Type II report to better understand and assess the risks associated with using Nebius services during the covered audit period.

The report is available upon signing an NDA. Fill out this form to sign the NDA and access the report.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. federal law that establishes requirements for safeguarding the privacy and security of Protected Health Information (PHI).

HIPAA applies to covered entities — including health plans, healthcare clearinghouses and healthcare providers that transmit health information electronically — as well as their business associates.

The HIPAA Security Rule mandates that both covered entities and business associates implement administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of PHI that is created, transmitted, received, or maintained.

Nebius underwent a HIPAA audit alongside its SOC 2 audit, evaluating compliance with applicable HIPAA Security Rule requirements. The resulting report confirmed that Nebius meets the necessary controls to support HIPAA compliance.

Questions and answers

Nebius offers independent assurance of its security, availability, and confidentiality controls to customers and users with a valid business need.

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a U.S. law that sets standards for protecting the privacy and security of Protected Health Information (PHI). It applies to healthcare providers, health plans and their service providers, requiring safeguards to ensure the confidentiality, integrity and availability of PHI.

Nebius was tested in tandem with the HIPAA law as part of the SOC 2 Type II audit.

Deloitte is recognized as one of the market leaders in SOC reports and internal control services and HIPAA compliance assessments.

As Nebius’ external auditors, they have a dedicated group of risk and control specialists with deep industry experience in reducing risks and accelerating readiness for regulatory compliance.

Deloitte optimizes their third-party reporting by establishing a detailed process for understanding, operationalizing, enhancing and continuously monitoring their approach to third-party assurance (TPA).

Deloitte has been at the forefront of SOC and HIPAA-related assurance services since the initial SOC standards were issued by the AICPA in the early 1990s, and they continue to serve as an adviser to the AICPA to this day.

As Nebius seeks trusted partners for third-party assurance (SOC 2 Type II and HIPAA compliance), we wanted to work with an organization that reflects our own performance standards and high level of service.

Deloitte has a history of delivering projects of superior quality and is committed to a transparent approach marked by continuous improvement.

SOC 2

HIPAA

Questions and answers

Products

Resources

Solutions

Prices

Security and compliance

Programs

Company

Legal