Security and Compliance Certifications in Azure Database for PostgreSQL - Flexible Server

APPLIES TO: Azure Database for PostgreSQL - Flexible Server

Overview of Compliance Certifications on Microsoft Azure

Customers experience an increasing demand for highly secure and compliant solutions as they face data breaches along with requests from governments to access online customer information. Important regulatory requirements such as the General Data Protection Regulation (GDPR) or Sarbanes-Oxley (SOX) make it essential to select cloud services that help customers achieve trust, transparency, security, and compliance. To help customers achieve compliance with national, regional, and industry-specific regulations and requirements, Azure Database for PostgreSQL - Flexible Server builds upon Microsoft Azure's compliance offerings to provide the most rigorous compliance certifications to customers at service general availability.

To help customers meet their own compliance obligations across regulated industries and markets worldwide, Azure maintains the largest compliance portfolio in the industry, both in terms of breadth (total number of offerings) and depth (number of customer-facing services in assessment scope). Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific.

Compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft. More detailed information about Azure compliance offerings is available from the Trust Center.

Azure Database for PostgreSQL - Flexible Server Compliance Certifications

Azure Database for PostgreSQL - Flexible Server has achieved a comprehensive set of national, regional, and industry-specific compliance certifications in our Azure public cloud to help you comply with requirements governing the collection and use of your data.

| Certification | Applicable To |
|---|---|
| HIPAA and HITECH Act (U.S.) | Healthcare |
| HITRUST | Healthcare |
| CFTC 1.31 | Financial |
| DPP (UK) | Media |
| EU EN 301 549 | Accessibility |
| EU ENISA IAF | Public and private companies, government entities and not-for-profits |
| EU US Privacy Shield | Public and private companies, government entities and not-for-profits |
| ISO/IEC 27018 | Public and private companies, government entities and not-for-profits that provide PII processing services via the cloud |
| EU Model Clauses | Public and private companies, government entities and not-for-profits that provide PII processing services via the cloud |
| FERPA | Educational Institutions |
| FedRAMP High | US Federal Agencies and Contractors |
| GLBA | Financial |
| ISO 27001:2013 | Public and private companies, government entities and not-for-profits |
| Japan My Number Act | Public and private companies, government entities and not-for-profits |
| TISAX | Automotive |
| NEN Netherlands 7510 | Healthcare |
| NHS IG Toolkit UK | Healthcare |
| BIR 2012 Netherlands | Public and private companies, government entities and not-for-profits |
| PCI DSS Level 1 | Payment processors and Financial |
| SOC 2 Type 2 | Public and private companies, government entities and not-for-profits |
| Sec 17a-4 | Financial |
| Spain DPA | Public and private companies, government entities and not-for-profits |

Next Steps