Regulatory Compliance in CockroachDB Dedicated

On this page Carat arrow pointing down

When configured correctly, CockroachDB Dedicated meets the requirements of the following regulatory and compliance standards:

  • System and Organization Controls (SOC) 2 Type 2: CockroachDB Dedicated standard and advanced meet or exceed the requirements of SOC 2 Type 2, which is established and administered by the American Institute of Certified Public Accountants (AICPA). This certification means that the design and implementation of the controls and procedures that protect CockroachDB Dedicated meet the relevant trust objectives both at a point in time and over a period of time.

    To learn more, refer to SOC 2 Type 2 certification in the CockroachDB blog or contact your Cockroach Labs account representative.

  • Payment Card Industry Data Security Standard (PCI DSS): CockroachDB Dedicated advanced has been certified by a PCI Qualified Security Assessor (QSA) as a PCI DSS Level 1 Service Provider. When configured appropriately, CockroachDB Dedicated advanced meets the requirements of PCI DSS 3.2.1. PCI DSS is mandated by credit card issuers but administered by the Payment Card Industry Security Standards Council. Many organizations that do not store cardholder data still rely on compliance with PCI DSS to help protect other sensitive or confidential data or metadata.

    To learn more, refer to PCI DSS Compliance in CockroachDB Dedicated advanced.

  • Health Insurance Portability and Accountability Act (HIPAA): The Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, defines standards for the storage and handling of personally-identifiable information (PII) related to patient healthcare and health insurance. When configured appropriately for PCI DSS Compliance, CockroachDB Dedicated advanced also meets the requirements of HIPAA.


Yes No
On this page

Yes No