Security and Compliance Certifications in Azure Database for PostgreSQL - Flexible Server
APPLIES TO: 
Azure Database for PostgreSQL - Flexible Server
Overview of Compliance Certifications on Microsoft Azure
Customers experience an increasing demand for highly secure and compliant solutions as they face data breaches along with requests from governments to access online customer information. Important regulatory requirements such as the General Data Protection Regulation (GDPR) or Sarbanes-Oxley (SOX) make selecting cloud services that help customers achieve trust, transparency, security, and compliance essential. To help customers achieve compliance with national, regional, and industry specific regulations and requirements Azure Database for PostgreSQL - Flexible Server build upon Microsoft Azure’s compliance offerings to provide the most rigorous compliance certifications to customers at service general availability. To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry both in terms of breadth (total number of offerings), as well as depth (number of customer-facing services in assessment scope). Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments and customer guidance documents produced by Microsoft. More detailed information about Azure compliance offerings is available from the Trust Center.
Azure Database for PostgreSQL - Flexible Server Compliance Certifications
Azure Database for PostgreSQL - Flexible Server has achieved a comprehensive set of national, regional, and industry-specific compliance certifications in our Azure public cloud to help you comply with requirements governing the collection and use of your data.
| Certification | Applicable To |
|---|---|
| HIPAA and HITECH Act (U.S.) | Healthcare |
| HITRUST | Healthcare |
| CFTC 1.31 | Financial |
| DPP (UK) | Media |
| EU EN 301 549 | Accessibility |
| EU ENISA IAF | Public and private companies, government entities and not-for-profits |
| EU US Privacy Shield | Public and private companies, government entities and not-for-profits |
| SO/IEC 27018 | Public and private companies, government entities and not-for-profits that provides PII processing services via the cloud |
| EU Model Clauses | Public and private companies, government entities and not-for-profits that provides PII processing services via the cloud |
| FERPA | Educational Institutions |
| FedRAMP High | US Federal Agencies and Contractors |
| GLBA | Financial |
| ISO 27001:2013 | Public and private companies, government entities and not-for-profits |
| Japan My Number Act | Public and private companies, government entities and not-for-profits |
| TISAX | Automotive |
| NEN Netherlands 7510 | Healthcare |
| NHS IG Toolkit UK | Healthcare |
| BIR 2012 Netherlands | Public and private companies, government entities and not-for-profits |
| PCI DSS Level 1 | Payment processors and Financial |
| SOC 2 Type 2 | Public and private companies, government entities and not-for-profits |
| Sec 17a-4 | Financial |
| Spain DPA | Public and private companies, government entities and not-for-profits |
Next Steps
Feedback
Submit and view feedback for