Edit

Security and compliance certifications in Azure Database for PostgreSQL flexible server

As data breaches and government requests for online customer information increase, you need highly secure and compliant solutions. Important regulatory requirements such as General Data Protection Regulation (GDPR) and Sarbanes-Oxley (SOX) make it essential to select cloud services that help you achieve trust, transparency, security, and compliance.

To help you meet your compliance obligations across regulated industries and markets worldwide, Azure Database for PostgreSQL builds on the Microsoft Azure compliance offerings to provide rigorous compliance certifications. Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in the assessment scope).

Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Compliance offerings are based on various types of assurances, including:

  • Formal certifications, attestations, validations, authorizations, and assessments produced by independent auditing firms.
  • Contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.

For more detailed information about Azure compliance offerings, see the Microsoft Trust Center.

Azure Database for PostgreSQL flexible server compliance certifications

Azure Database for PostgreSQL in the Azure public cloud meets a comprehensive set of national, regional, and industry-specific compliance certifications. These certifications help you comply with requirements that govern the collection and use of data.

Certification Applicable to
HIPAA and HITECH Act (US) Healthcare
HITRUST Healthcare
CFTC 1.31 Financial
DPP (UK) Media
EN 301 549 (EU) Accessibility
ENISA IAF (EU) Public and private companies, government entities, and nonprofits
EU-US Privacy Shield Public and private companies, government entities, and nonprofits
ISO/IEC 27018 Public and private companies, government entities, and nonprofits that process personal data via the cloud
EU Model Clauses Public and private companies, government entities, and nonprofits that process personal data via the cloud
FERPA Educational institutions
FedRAMP High US federal agencies and contractors
GLBA Financial
ISO 27001:2013 Public and private companies, government entities, and nonprofits
My Number Act (Japan) Public and private companies, government entities, and nonprofits
TISAX Automotive
NEN 7510 (Netherlands) Healthcare
NHS IG Toolkit (UK) Healthcare
BIR 2012 (Netherlands) Public and private companies, government entities, and nonprofits
PCI DSS Level 1 Payment processors and financial
SOC 2 Type 2 Public and private companies, government entities, and nonprofits
SEC 17a-4 Financial
Spanish DPA Public and private companies, government entities, and nonprofits