Yugabyte Security and Trust Center
Yugabyte Compliance Certifications and Authorizations
Our primary security/privacy objectives include being compliant with all the major security and compliance certifications and authorizations that our customers require, and to enable their compliance. We’re well on our way with that journey, and have established a security program based on the ISO 27001 security framework and audited by an independent accounting firm using the SSAE18 SOC 2 standards.
Yugabyte continues to demonstrate the company’s commitment to enterprise customers running business-critical workloads by meeting the strict requirements for a number of critical ISO certifications and authorizations. To date, YugabyteDB has received the following:
- ISO 27001: We received our ISO 27001 certification in January 2023. ISO/IEC 27001 defines the requirements for an information security management system (ISMS) and includes best practices for data protection and cyber resilience.
- ISO 22301: We received our ISO 22301 certification in July 2023. ISO 22301 defines the requirements for establishing and maintaining a business continuity management system (BCMS) and includes best practices for minimizing the impact of disruptive events.
- ISO 9001: We received our ISO 9001 certification in July 2023. ISO 9001 defines the requirements for establishing and maintaining a quality management system (QMS) and includes best practices for meeting and exceeding customer expectations.
Interested parties can request a our ISO certificates by emailing us at compliance@yugabyte.com.
Yugabyte is continuing to work towards receiving additional industry-standard certifications and authorizations, and will update this list as we achieve different certifications and authorizations.
- SOC 1 Type 2: We became SOC 1 Type 2 compliant as of November 16, 2023. Yugabyte has implemented a system of internal controls over financial reporting that was assessed by a reputable and independent accounting and auditing firm. Please contact our team at compliance@yugabyte.com if you would like a copy of the detailed SOC 1 Type 2 report.
- SOC 2 Type 2 and SOC 3: We became SOC 2 Type 2 compliant as of September 30, 2022. Yugabyte was assessed by a reputable and independent accounting and auditing firm and has achieved compliance with the following Trust Services Categories: Security, Availability and Confidentiality. Download the published SOC 3 report today or contact our team at compliance@yugabyte.com if you would like a copy of the detailed SOC 2 Type 2 report.
Built upon existing Cloud Security Alliance programs, the Trusted Cloud Provider program allows organizations to demonstrate their commitment to holistic security and services.
- Trusted Cloud Provider: Yugabyte was awarded CSA’s Trusted Cloud Provider trustmark in April 2023. This designation demonstrates our commitment to implementing industry-recognized best practices in securing our cloud computing environments. Our Level One assessment can be accessed via the CSA STAR registry.
While Yugabyte products cannot meet every regulatory requirement, Yugabyte has embedded capabilities into its products that can help customers work in accordance with the following compliance requirements:
- GDPR: Yugabyte features can help our customers meet their own GDPR compliance requirements. You can learn more about using YugabyteDB to help you achieve compliance with GDPR here.
- Subprocessors. We maintain a current list of companies authorized to process Customer Personal Information for YugabyteDB Managed, including the Subprocessor’s address, description of services provided and the lawful transfer mechanism.
- Data Processing Addendum. We incorporate a Data Processing Addendum into our YugabyteDB Managed Terms of Service that describes our technical and organizational measures meant to meet applicable data protection obligations.