Security compliance and certifications
Cloud Service adheres to the following security standards and certifications:
SOC 2
Service Organization Controls (SOC) 2 is an auditing procedure that ensures service providers manage their customer data securely, protecting the interests of the customer's organization and the privacy of its clients. SOC 2 defines criteria for managing customer data based on up to five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 reports are unique to each organization. Each organization designs its own controls, in line with its specific business practices, to comply with one or more of the trust service principles. Cloud Service is assessed on the security, availability, and confidentiality trust service principles.
A SOC 2 report comes in two formats:
Type I
A SOC 2 Type I report describes a vendor's systems and whether their design is suitable to meet the relevant trust principles. Type I focuses on the policies and procedures in place at a specific point in time.
Type II
A SOC 2 Type II report assesses the effectiveness of security process controls over time by observing operations for a minimum of six months. Like Type I, a Type II report is an internal controls report that captures how a company safeguards customer data and how well those controls are operating.
GDPR
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy that also applies in the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.
GDPR compliance requires defining, enforcing, and controlling both privacy and security mechanisms, including collecting evidence that they operate. Cloud Service supports GDPR at the service level, which means Cloud Service protects the personal data and privacy of EU citizens.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment. See the PCI Security Council website for more information about PCI.
Cloud Service is compliant with PCI DSS; a PCI Qualified Security Assessor (QSA) certifies that compliance. To achieve PCI DSS compliance on a Cloud Service cluster, any information related to payments or other personally identifiable information (PII) must be encrypted, tokenized, or masked before it is written to Cloud Service. You can do this from your customer application or through a third-party solution such as Satori.
Contact your EDB sales representative if you want to learn more about achieving PCI DSS compliance with your Cloud Service clusters.