Yugabyte Security and Trust Center
Yugabyte Compliance Certifications and Authorizations
Our primary security/privacy objectives include being compliant with all the major security and compliance certifications and authorizations that our customers require, and to enable their compliance. We’re well on our way with that journey, and have established a security program based on the ISO 27001 security framework and audited by an independent accounting firm using the SSAE18 SOC 2 standards.
Yugabyte is working towards receiving a variety of industry-standard certifications and authorizations, and will update this list as we achieve different certifications and authorizations.
- ISO 27001: We received our ISO 27001 certification in January 2023. ISO/IEC 27001 defines the requirements for an information security management system (ISMS) and includes best practices for data protection and cyber resilience. Interested parties can receive our ISO 27001 certificate by emailing us at email@example.com.
- SOC 2 Type 2 and SOC 3: We became SOC 2 Type 2 compliant as of September 30, 2022. Yugabyte was assessed by a reputable and independent accounting and auditing firm and has achieved compliance with the following Trust Services Categories: Security, Availability and Confidentiality. Download the published SOC 3 report today or contact our team at firstname.lastname@example.org if you would like a copy of the detailed SOC 2 Type 2 report.
While Yugabyte products cannot meet every regulatory requirement, Yugabyte has embedded capabilities into its products that can help customers work in accordance with the following compliance requirements:
- GDPR: Yugabyte features can help our customers meet their own GDPR compliance requirements. You can learn more about using YugabyteDB to help you achieve compliance with GDPR here.
- Subprocessors. We maintain a current list of companies authorized to process Customer Personal Information for YugabyteDB Managed, including the Subprocessor’s address, description of services provided and the lawful transfer mechanism.
- Data Processing Addendum. We incorporate a Data Processing Addendum into our YugabyteDB Managed Terms of Service that describes our technical and organizational measures meant to meet applicable data protection obligations.