{"id":29935,"date":"2025-10-12T20:35:51","date_gmt":"2025-10-13T03:35:51","guid":{"rendered":"https:\/\/www.pingcap.com\/?page_id=29935"},"modified":"2025-10-15T22:10:22","modified_gmt":"2025-10-16T05:10:22","slug":"security-addendum","status":"publish","type":"page","link":"https:\/\/www.pingcap.com\/ko\/legal\/security-addendum\/","title":{"rendered":"TiDB Cloud Security Addendum"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"","protected":false},"author":178,"featured_media":0,"parent":3574,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"ub_ctt_via":""},"class_list":["post-29935","page","type-page","status-publish","hentry"],"acf":[],"featured_image_src":null,"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TiDB Cloud Security Addendum<\/title>\n<meta name=\"description\" content=\"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pingcap.com\/ko\/legal\/security-addendum\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TiDB Cloud Security Addendum\" \/>\n<meta property=\"og:description\" content=\"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pingcap.com\/ko\/legal\/security-addendum\/\" \/>\n<meta property=\"og:site_name\" content=\"TiDB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/pingcap2015\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-16T05:10:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/static.pingcap.com\/files\/2024\/09\/11005522\/Homepage-Ad.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"714\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@PingCAP\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.pingcap.com\/legal\/security-addendum\/\",\"url\":\"https:\/\/www.pingcap.com\/legal\/security-addendum\/\",\"name\":\"TiDB Cloud Security Addendum\",\"isPartOf\":{\"@id\":\"https:\/\/www.pingcap.com\/#website\"},\"datePublished\":\"2025-10-13T03:35:51+00:00\",\"dateModified\":\"2025-10-16T05:10:22+00:00\",\"description\":\"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.pingcap.com\/legal\/security-addendum\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.pingcap.com\/legal\/security-addendum\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.pingcap.com\/legal\/security-addendum\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.pingcap.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Legal Documents\",\"item\":\"https:\/\/www.pingcap.com\/legal\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"TiDB Cloud Security Addendum\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.pingcap.com\/#website\",\"url\":\"https:\/\/www.pingcap.com\/\",\"name\":\"TiDB\",\"description\":\"TiDB | SQL at Scale\",\"publisher\":{\"@id\":\"https:\/\/www.pingcap.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.pingcap.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.pingcap.com\/#organization\",\"name\":\"PingCAP\",\"url\":\"https:\/\/www.pingcap.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"contentUrl\":\"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png\",\"width\":811,\"height\":232,\"caption\":\"PingCAP\"},\"image\":{\"@id\":\"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/pingcap2015\",\"https:\/\/x.com\/PingCAP\",\"https:\/\/linkedin.com\/company\/pingcap\",\"https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TiDB Cloud Security Addendum","description":"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pingcap.com\/ko\/legal\/security-addendum\/","og_locale":"ko_KR","og_type":"article","og_title":"TiDB Cloud Security Addendum","og_description":"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.","og_url":"https:\/\/www.pingcap.com\/ko\/legal\/security-addendum\/","og_site_name":"TiDB","article_publisher":"https:\/\/facebook.com\/pingcap2015","article_modified_time":"2025-10-16T05:10:22+00:00","og_image":[{"width":1440,"height":714,"url":"https:\/\/static.pingcap.com\/files\/2024\/09\/11005522\/Homepage-Ad.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@PingCAP","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.pingcap.com\/legal\/security-addendum\/","url":"https:\/\/www.pingcap.com\/legal\/security-addendum\/","name":"TiDB Cloud Security Addendum","isPartOf":{"@id":"https:\/\/www.pingcap.com\/#website"},"datePublished":"2025-10-13T03:35:51+00:00","dateModified":"2025-10-16T05:10:22+00:00","description":"Learn how we safeguards your data through the Security Addendum, defining security standards, compliance, and shared responsibilities.","breadcrumb":{"@id":"https:\/\/www.pingcap.com\/legal\/security-addendum\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pingcap.com\/legal\/security-addendum\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.pingcap.com\/legal\/security-addendum\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pingcap.com\/"},{"@type":"ListItem","position":2,"name":"Legal Documents","item":"https:\/\/www.pingcap.com\/legal\/"},{"@type":"ListItem","position":3,"name":"TiDB Cloud Security Addendum"}]},{"@type":"WebSite","@id":"https:\/\/www.pingcap.com\/#website","url":"https:\/\/www.pingcap.com\/","name":"\ud2f0DB","description":"TiDB | SQL at Scale","publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pingcap.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.pingcap.com\/#organization","name":"PingCAP","url":"https:\/\/www.pingcap.com\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/","url":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","width":811,"height":232,"caption":"PingCAP"},"image":{"@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/pingcap2015","https:\/\/x.com\/PingCAP","https:\/\/linkedin.com\/company\/pingcap","https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA"]}]}},"grav_blocks":[{"acf_fc_layout":"columns","format":"","enable_box_container":false,"column_num":"8","columns":[{"type":"wysiwyg","wysiwyg":"<p>TiDB Cloud Security Addendum (&#8220;Addendum&#8221;) is subject to, and hereby incorporated into, the applicable agreement (including the applicable Data Processing Agreement entered into therewith) between Customer and PingCAP for TiDB Cloud Services (defined below) (the &#8220;Agreement&#8221;). This Addendum sets forth the terms and conditions related to PingCAP\u2019s protection of Your Content (as defined in the Agreement), including any CSA Personal Data therein, processed by PingCAP within the Cloud Services, Support Services, and\/or Consulting Services, as applicable (\u201cTiDB Cloud Services\u201d). Capitalized terms not defined in this Addendum shall have the meanings set forth in the applicable Agreement.<\/p>\n<h2>1. PINGCAP SECURITY PROGRAM<\/h2>\n<p>PingCAP shall maintain a security program that is designed to protect the security, confidentiality, and integrity of Your Content (the &#8220;PingCAP Security Program&#8221;). The PingCAP Security Program will be implemented on an organization-wide basis. The PingCAP Security Program will be designed to ensure PingCAP\u2019s compliance with data protection laws and regulations applicable to PingCAP\u2019s performance under the applicable Data Processing Agreement, and shall include the safeguards set forth on <a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/manage-user-access\/\">PingCAP Security Controls<\/a>, which substantially conform to the ISO\/IEC 27001\/27701 control framework.<\/p>\n<h2>2. THIRD-PARTY SERVICE PROVIDERS<\/h2>\n<p>PingCAP uses Infrastructure as a Service (IaaS) providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud to provide PingCAP Cloud Services and uses Software as a Service Providers (SaaS), such as Jira to provide Support Services and Consulting Services. PingCAP shall conduct regular due diligence on its third party service providers (which includes reviewing industry standard reports and certifications such as a SOC 2 report), and reasonably ensure, based on their responses, that such third parties have in place security controls that are substantially similar to the <a href=\"https:\/\/docs.pingcap.com\/tidbcloud\/manage-user-access\/\">PingCAP Security Controls<\/a>.<\/p>\n<h2>3. SECURITY BREACH RESPONSE<\/h2>\n<p>Upon becoming aware of a Security Breach, PingCAP shall: (a) without undue delay, notify Customer (at the Customer-designated email address associated with the TiDB Cloud Services) of the discovery of the confirmed Security Breach, which shall include a summary of the known circumstances of the Security Breach and the corrective actions taken or to be taken by PingCAP; (b) conduct an investigation of the circumstances of the Security Breach; (c) use commercially reasonable efforts to mitigate the effects of the Security Breach; and (d) use commercially reasonable efforts to communicate and cooperate with Customer concerning its responses to the Security Breach. &#8220;Security Breach&#8221; means any confirmed security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Your Content (including any CSA Personal Data contained therein) that PingCAP has an obligation to safeguard under the Agreement.<\/p>\n<h2>4. AUDIT REPORTS<\/h2>\n<p>Upon written request, PingCAP shall provide to Customer copies of audit reports (including the Service Organization Control (SOC) II Type 2 examination or similar reports as PingCAP may have obtained as of the date of the written request) applicable to the PingCAP Offerings, and related certificates and attestations, evincing its compliance with industry standards and, as applicable, accreditations. Where applicable, the accredited independent third-party audits will occur at the frequency required by the relevant standard to maintain compliance and accreditation. Upon Customer\u2019s request thereafter, PingCAP shall provide current or updated certificates, attestations, or reports on up to an annual basis.<\/p>\n<h2>5. SECURITY ASSESSMENT<\/h2>\n<p>Upon the provision of reasonable notice to PingCAP, no more than once every twelve months during the term of the Agreement and during normal business hours, PingCAP shall make appropriate PingCAP personnel reasonably available to Customer to discuss PingCAP\u2019s manner of compliance with applicable security obligations under this Agreement. In advance of such discussion, PingCAP may, in its sole discretion, provide Customer with access to information or documentation concerning PingCAP\u2019s security practices as they relate to this Agreement, including without limitation, access to any security assessment reports designed to be shared with third parties. Any information or documentation provided pursuant to this assessment process or otherwise pursuant to this Addendum shall be considered PingCAP Confidential Information and subject to the Confidentiality section of the Agreement.<\/p>\n<h2>6. TiDB Cloud Services<\/h2>\n<p>Notwithstanding anything contained herein, Customer shall be responsible for: (i) determining whether the Cloud Services are suitable for Customer\u2019s use; (ii) implementing and managing security and privacy measures to secure Customer\u2019s access and use of the Cloud Services, including, without limitation, managing credentials for and using secure connections to the Cloud Services; (iii) validating plugins before installing them into the Cloud Services; (iv) implementing, maintaining, and monitoring backups of Content stored within the Cloud Services; and (v) removing Content from the Cloud Services environment prior to termination of the relevant Cloud Service.<\/p>\n","accordion_column_title":"","accordion_sections":false,"video_image":false,"video_url":"","video_content":""}],"block_background":"block-bg-none","block_background_video_type":"url","block_background_video_url":"","block_background_video_file":false,"block_background_image":false,"block_background_overlay":false,"unique_id":"","block_option_custom_class":"","block_option_padding":[],"block_option_hide":[],"block_add_top_arc":false,"block_increase_bottom_padding":false}],"_links":{"self":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/comments?post=29935"}],"version-history":[{"count":3,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29935\/revisions"}],"predecessor-version":[{"id":29986,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/29935\/revisions\/29986"}],"up":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/pages\/3574"}],"wp:attachment":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media?parent=29935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}