Trust Center

Your data.

Our top priority.

We recognize that data is the beating heart of your business — and that security and compliance are paramount when adopting or maintaining any new technology.

CockroachDB’s native enterprise security capabilities and integrations allow you to safeguard your data with industry best practices. We implement a range of infrastructure security and data governance controls to adhere to stringent regional and industry compliance requirements.

Native Security & Privacy Capabilities

Manage security and privacy guardrails and operate confidently with built-in features.

Compliance Certifications

Network Security

Identity and Access Management

Data Protection and Privacy

Auditing and Logging

CIS

Cockroach Labs has worked with CIS to build CockroachDB Benchmarks as a blueprint for customers to deploy hardened CockroachDB configurations. (Other examples of CIS Benchmarks include those that exist for Cisco Routers and Fortinet Firewalls.)

DORA

The EU can fine a firm 1% of annual revenue for violating DORA’s data resilience mandates. CockroachDB supports DORA compliance through its cability to survive Node, Zone, and even Regional failures with no downtime and minimal latency.

GDPR

The EU can fine a firm 4% of annual revenue for violating the GDPR’s privacy standards. CockroachDB supports GDPR compliance requirements including Data Residency, Right to Access, Right to Be Forgotten, and Privacy by Design with distributed SQL transactions and features such as Regional by Row, Referential Integrity, and global SELECT-DELETE.

HIPAA

CockroachDB Cloud - Advanced is HIPAA-ready to safely store PHI data, as determined by an annual third-party risk assessment that evaluates the service against HIPAA’s security and breach notification rules.

ISO 27001, 27017, 27018, and 42001

Cockroach Labs is certified ISO 27001, 27017, and 27018 compliant, with ISO 42001 (Responsible, Ethical, and Safe AI Governance) certification pending. We are committed to securing our customers’ information.

PCI DSS

CockroachDB Cloud - Advanced has been certified against PCI-DSS SAQ-A and SAQ-D requirements, which indicate we safely handle credit card and payment data.

SOC 2 Type II & SOC 3

Cockroach Labs annually certifies its systems to meet AICPA SOC 2 Type II, and AICPA SOC 3 which audits the operational and security processes of our service and our company.

Privacy

We're committed to being transparent about our privacy practices. Below are links to documentation about our approach.

Since June 4, 2021, Cockroach Labs’ DPA relies on Standard Contractual Clauses to address Privacy Shield invalidation on July 16, 2020.

Talk to Sales

Reach out to schedule time with a CockroachDB expert to discuss your needs.