Regulatory Compliance in CockroachDB Cloud

When configured correctly, CockroachDB Cloud meets the requirements of the following regulatory and compliance standards:

SOC 2 Type 2

CockroachDB Cloud meets or exceeds the requirements of SOC 2 Type 2, which is established and administered by the American Institute of Certified Public Accountants (AICPA). This certification means that the design and implementation of the controls and procedures that protect clusters in CockroachDB Cloud meet the relevant trust objectives both at a point in time and over a period of time.

To learn more, refer to SOC 2 Type 2 certification in the CockroachDB blog or contact your Cockroach Labs account representative.

PCI DSS

CockroachDB Advanced has been certified by a PCI Qualified Security Assessor (QSA) as a PCI DSS Level 1 Service Provider. When configured appropriately, CockroachDB Advanced meets the requirements of PCI DSS 3.2.1. PCI DSS is mandated by credit card issuers but administered by the Payment Card Industry Security Standards Council. Many organizations that do not store cardholder data still rely on compliance with PCI DSS to help protect other sensitive or confidential data or metadata.

Features to support PCI DSS are not yet available on Azure.

To learn more, refer to PCI DSS Compliance in CockroachDB Advanced.

HIPAA

The Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, defines standards for the storage and handling of personally-identifiable information (PII) related to patient healthcare and health insurance (also referred to as Private Health Information, or PHI).

When configured appropriately for PCI DSS Compliance, CockroachDB Advanced on AWS and GCP also meets the requirements of HIPAA.

Features to support HIPAA are not yet available on Azure.

ISO 27001 and ISO 27017

ISO 27001 and ISO 27017 define international standards for managing information security. ISO 27001 is a general standard, and ISO 27017 is a standard specific to cloud service providers and environments. These standards are governed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). CockroachDB Cloud meets the requirements of ISO 27001 and ISO 27017.