Announcing SOC 2 and SOC 3 Compliance for YugabyteDB

Maurice Olsen

YugabyteDB continues to showcase that distributed SQL is ready to power a diverse set of business-critical workloads. For those applications where security is a top priority, we are delighted to announce that we have successfully completed our Service Organization Controls (SOC) 2 Type 2 and SOC 3 attestations, covering YugabyteDB, YugabyteDB Anywhere, and YugabyteDB Managed.

Whether you’re a seasoned CISO with a large enterprise or just beginning your YugabyteDB journey, we know that security is paramount.

Enterprises need to have full confidence in their providers’ processes and controls. Regardless of the deployment mode, YugabyteDB is ideal for business-critical transactional applications and services that require data to be strongly consistent, highly available, and very secure. Some of the world’s most innovative businesses trust YugabyteDB with their critical data in production environments—adding up to billions of operations per day and terabytes of data per node. Review our complete customer success story library for more details.

What is SOC 2 Type 2?

Governed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a reporting framework designed to verify that service providers are properly following the processes and procedures they have in place to ensure data security. SOC 2 is based on the following five Trust Services Criteria, as defined by the AICPA:

  • Security
  • Availability
  • Confidentiality
  • Processing Integrity
  • Privacy

To satisfy the Trust Services Criteria, organizations must adopt a series of security policies, procedures, and controls that encompass best practices and that ultimately make up an organization’s formalized security program. A SOC 2 Type 2 audit evaluates an organization’s security program over a specified period of time in order to demonstrate how effective it is for the organization.

YugabyteDB Completes SOC 2 Type 2 Attestation

Yugabyte’s SOC 2 Type 2 report captures the details of the audit performed by an independent accounting and auditing firm, which confirmed that, over a full six-month period, Yugabyte effectively followed documented security systems and controls. The firm issued an unmodified opinion with no exceptions noted.

Our SOC 2 Type 1 report (issued in February 2022) served as a point-in-time assessment of Yugabyte’s security posture. Now we are thrilled to announce our SOC 2 Type 2 attestation, which shows that we not only implemented the controls and best practices to provide our users with first-class security, but continue to apply them consistently without exception over time.

As part of this process, Yugabyte also received a SOC 3 attestation, which summarizes our SOC 2 Type 2 attestation in a more general report and is available upon request.

Security Must be a Top Priority

For Yugabyte, meeting the SOC 2 requirements is not just another compliance checkbox. It demonstrates our commitment to defining, implementing, and following a comprehensive security program. Some of the world’s most innovative enterprises count on Yugabyte as a trusted partner, and this attestation gives those enterprises peace of mind because they know that their data is in good hands.

To review Yugabyte’s SOC 2 Type 2 or SOC 3 reports, please contact our Security and Compliance team. You can also discover more in our recent press release, Yugabyte Achieves SOC 2 Type II and SOC 3 Attestations.

For more information on how Yugabyte delivers end-to-end security, visit our dedicated Yugabyte Security and Trust Center.
