DELIVERING END-TO-END SECURITY

Yugabyte Security and Trust Center

Our mission is to be the leader in cloud native database security. We embed security and privacy from the very start in our company, products, and product development process to address modern compliance requirements. We have two primary objectives: to be compliant with all the major security and compliance frameworks that our customers require, and to offer our customers the most secure, high-performing, and resilient database in the industry.
Security
Fully understand our end-to-end approach to secure Yugabyte products and services.
Compliance
Discover best practices to meet regulatory requirements, privacy objectives, and security standards.
System Status
Enjoy full transparency with real-time information on YugabyteDB Managed availability and past incidents.

Yugabyte Compliance Certifications and Authorizations

Our primary security and privacy objectives include complying with all the major security and compliance certifications and authorizations that our customers require, and enabling their compliance. We’re well on our way on that journey, and have established a security program based on the ISO 27001 security framework and audited by an independent accounting firm using the SSAE18 SOC 2 standards.

Yugabyte ISO Certifications

Yugabyte is working towards receiving a variety of industry-standard certifications and authorizations, and will update this list as we achieve different certifications and authorizations.

  • ISO 27001: We received our ISO 27001 certification in January 2023. ISO/IEC 27001 defines the requirements for an information security management system (ISMS) and includes best practices for data protection and cyber resilience. Interested parties can receive our ISO 27001 certificate by emailing us at compliance@yugabyte.com.

Yugabyte SOC Compliance

  • SOC 2 Type 2 and SOC 3: We became SOC 2 Type 2 compliant as of September 30, 2022. Yugabyte was assessed by a reputable and independent accounting and auditing firm and has achieved compliance with the following Trust Services Categories: Security, Availability and Confidentiality. Download the published SOC 3 report today or contact our team at if you would like a copy of the detailed SOC 2 Type 2 report.
Customer Compliance Requirements

While Yugabyte products cannot meet every regulatory requirement, Yugabyte has embedded capabilities into its products that can help customers work in accordance with the following compliance requirements:

  • GDPR: Yugabyte features can help our customers meet their own GDPR compliance requirements. You can learn more about using YugabyteDB to help you achieve compliance with GDPR here.
Additional Data Processing Resources
  • Subprocessors. We maintain a current list of companies authorized to process Customer Personal Information for YugabyteDB Managed, including the Subprocessor’s address, description of services provided and the lawful transfer mechanism.
  • Data Processing Addendum. We incorporate a Data Processing Addendum into our YugabyteDB Managed Terms of Service that describes our technical and organizational measures meant to meet applicable data protection obligations.
Our mission is to lead in cloud native database security. We embed security and privacy in all aspects of our company and product development process to address modern compliance requirements for our customers.
Karthik Ranganathan, Co-Founder & CTO, Yugabyte