Security and compliance certifications
At Synology, we view compliance not just as a legal obligation, but as a promise to our users. Guided by our security-by-design philosophy, we safeguard your data with industry-leading standards across every layer of our hardware, software, and cloud ecosystem, so your information always remains yours.
Security isn’t a claim. It’s certified.
Synology’s global operations adhere to internationally recognized security and privacy frameworks. Our internal systems, products, and cloud services undergo regular reviews and audits to ensure the confidentiality, integrity, and availability of data. Compliance is embedded across the organization, spanning product development, service operations, and data center management. These controls and governance practices support global regulatory requirements and industry standards, enabling Synology solutions to operate reliably in regulated and security-sensitive environments.
Certifications & attestations
Validated security for internal systems, cloud services, colocation data centers and hardware.
Synology Inc.
Applies to Synology's corporate information security management systems (ISMS).
ISO/IEC 27001
C2 Colocation Data Centers
The current scope covers regional colocation data centers used for C2 services.
ISO/IEC 27001 (Europe, US and APAC)
SOC 2 Type II (US data center)
Compliance & certification
Regulatory framework support
  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
Certification details
  • ISO/IEC 27001
  • SOC 2 Type II
GDPR (General Data Protection Regulation)
Synology handles personal information with the highest international standards. Our data governance framework is designed to align with the GDPR principles, ensuring lawfulness, transparency, and accountability throughout the lifecycle of consent, collection, processing, and retention. To safeguard this information, we implement multilayered technical and organizational security measures that ensure users maintain full control over their personal data.
Beyond the protection of personal information, Synology upholds a fundamental commitment to user data sovereignty. Synology does not access, use, or process data stored by users on their hardware appliances. Our systems are designed to ensure that digital assets remain exclusively under user control, protected by an architecture that prioritizes absolute autonomy and ownership.
CCPA (California Consumer Privacy Act)
Synology upholds the privacy rights defined by the California Consumer Privacy Act (CCPA) for all California residents. Synology operates on a model of absolute data transparency, ensuring that personal information is never used for unauthorized third-party purposes.

The governance framework is designed to provide consumers with clear visibility into the categories of personal information collected and the specific purposes for which it is used. To facilitate these protections, Synology implements robust technical and organizational measures that empower users to exercise their statutory rights, including the right to know, the right to delete, and the right to opt out, ensuring full authority over their digital identity.
ISO/IEC 27001
ISO/IEC 27001:2022 is the premier international standard for Information Security Management Systems (ISMS), providing a robust risk-management framework for the protection of organizational information assets.

Synology maintains formal ISO/IEC 27001:2022 certification for its corporate operations, validated through rigorous independent audits. This certification confirms that Synology has established and maintains a comprehensive information security management system (ISMS), designed to protect the confidentiality, integrity, and availability (CIA) of data.

For its cloud services, Synology works with third-party colocation data centers that maintain ISO/IEC 27001–certified facilities, ensuring that physical infrastructure and facility-level security controls are managed in accordance with internationally recognized information security standards.

By maintaining this globally recognized standard, Synology ensures that security governance is an ongoing, systematic process, providing clients with verified assurance that their information is managed under the highest security protocols.
SOC 2 Type II
SOC 2 (System and Organization Controls) is a framework developed by the AICPA to evaluate a service organization’s internal controls based on the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy.

The Synology C2 data center located in the United States is maintained to these high standards, including rigorous physical security protocols, multi-factor access controls, and advanced network monitoring. By selecting U.S.-based colocation data centers that are certified under SOC 2 Type II, Synology supports a secure and well-controlled hosting environment for users requiring certified management of their information assets.
Shared responsibility
Synology is committed to delivering the highest standards of platform security, yet comprehensive data protection requires a collaborative approach. Synology ensures the integrity of the underlying infrastructure, while users play a critical role in managing data access, device configuration, and internal controls. Together, we create an environment that is not only secure by design but also resilient in practice.
Synology responsibilities
  • Physical security of data centers and C2 cloud infrastructure.
  • Maintenance and patching of hardware, OS, firmware, and software packages.
  • Secure cryptographic modules for data at rest and in transit.
Customer responsibilities
  • Implementation of access control and strong password policies.
  • Configuration of network security, firewalls, and VPNs.
  • Management of end-user data lifecycle and privacy requests.
Helping you meet compliance requirements
Learn how Synology products and services help customers meet compliance requirements through applicable standards, controls, and configuration guidance.
Note: In an on-premises environment, the integrity of the ecosystem is a collaborative effort. Synology delivers the secure-by-design hardware and software foundation, empowering customers with the necessary controls to meet their compliance goals. Consequently, customers manage the deployment, operation, and ongoing maintenance in accordance with their internal security protocols and legal obligations.
For details on data processing terms and responsibilities related to Synology C2 services, please refer to the Data Processing Addendum (DPA): https://c2.synology.com/legal/dpa