Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
As data breaches and government requests for online customer information increase, you need highly secure and compliant solutions. Important regulatory requirements such as General Data Protection Regulation (GDPR) and Sarbanes-Oxley (SOX) make it essential to select cloud services that help you achieve trust, transparency, security, and compliance.
To help you meet your compliance obligations across regulated industries and markets worldwide, Azure Database for PostgreSQL builds on the Microsoft Azure compliance offerings to provide rigorous compliance certifications. Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in the assessment scope).
Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Compliance offerings are based on various types of assurances, including:
- Formal certifications, attestations, validations, authorizations, and assessments produced by independent auditing firms.
- Contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.
For more detailed information about Azure compliance offerings, see the Microsoft Trust Center.
Azure Database for PostgreSQL flexible server compliance certifications
Azure Database for PostgreSQL in the Azure public cloud meets a comprehensive set of national, regional, and industry-specific compliance certifications. These certifications help you comply with requirements that govern the collection and use of data.
| Certification | Applicable to |
|---|---|
| HIPAA and HITECH Act (US) | Healthcare |
| HITRUST | Healthcare |
| CFTC 1.31 | Financial |
| DPP (UK) | Media |
| EN 301 549 (EU) | Accessibility |
| ENISA IAF (EU) | Public and private companies, government entities, and nonprofits |
| EU-US Privacy Shield | Public and private companies, government entities, and nonprofits |
| ISO/IEC 27018 | Public and private companies, government entities, and nonprofits that process personal data via the cloud |
| EU Model Clauses | Public and private companies, government entities, and nonprofits that process personal data via the cloud |
| FERPA | Educational institutions |
| FedRAMP High | US federal agencies and contractors |
| GLBA | Financial |
| ISO 27001:2013 | Public and private companies, government entities, and nonprofits |
| My Number Act (Japan) | Public and private companies, government entities, and nonprofits |
| TISAX | Automotive |
| NEN 7510 (Netherlands) | Healthcare |
| NHS IG Toolkit (UK) | Healthcare |
| BIR 2012 (Netherlands) | Public and private companies, government entities, and nonprofits |
| PCI DSS Level 1 | Payment processors and financial |
| SOC 2 Type 2 | Public and private companies, government entities, and nonprofits |
| SEC 17a-4 | Financial |
| Spanish DPA | Public and private companies, government entities, and nonprofits |