We Value Your Trust

At PingCAP, we value security and trust more than anything because we know our customers entrust us with helping them manage their most important asset – their data. We take this responsibility seriously and are always dedicated to protecting the security, availability, and confidentiality of our customers’ data. We have incorporated security into all aspects of our offering and operations.

We are committed to providing enterprise-grade security and privacy. This is demonstrated not only in our technology: we undergo third-party auditing to confirm that our services and operations meet the compliance requirements of your organization. TiDB Cloud operates in accordance with the following compliance frameworks:

European Union’s Cloud Code of Conduct

PingCAP is verified compliant with the European Union’s Cloud Code of Conduct (“EU Cloud CoC”).** The primary objective of the EU Cloud CoC is to harmonize the implementation of GDPR requirements across the cloud industry. This achievement reflects our collective effort and commitment to maintaining the highest standards of privacy and data handling practices.

The EU Cloud CoC is designed to ensure that organizations operate transparently, fairly and sustainably. By adhering to the EU Cloud CoC, we are not only aligning ourselves with these important principles but also reinforcing our dedication to responsible privacy practices that benefit our customers, partners and communities we serve.

**Services are verified compliant with the EU Cloud CoC, Verification-ID: 2024LVL02SCOPE5420. For further information please visit https://eucoc.cloud/en/public-register

SOC 1 Type II

The SOC 1 Type II audit is performed by Schellman & Company, LLC, based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA). SOC stands for “System and Organization Controls”. A SOC 1 report covers an organization’s internal controls that are relevant to its customers’ financial reporting; a Type II report attests to both the suitability of the design of those controls and their operating effectiveness over the review period.

SOC 2 Type II

The SOC 2 Type II audit is performed by Schellman & Company, LLC, based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA), and examines the design and operating effectiveness of controls related to the security, availability, and confidentiality of the TiDB Cloud service offering. PingCAP completed its first SOC 2 Type II examination in February 2021.

SOC 3

SOC 3 can be understood as a simplified version of SOC 2: both evaluate the effectiveness of internal controls against the same criteria. A SOC 3 report, however, is a general-use report intended for public distribution. It summarizes the auditor’s opinion without the detailed control descriptions and test results of a SOC 2 report, so it can be shared freely with customers and the public. You can download the PingCAP SOC 3 report via the link below.

PingCAP SOC 3 Report

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is a globally recognized standard that sets out the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). PingCAP has achieved ISO/IEC 27001:2013 certification for TiDB Cloud, certified by the British Standards Institution (BSI), an ANAB-accredited certification body.

ISO/IEC 27701

ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 (information security management) and ISO/IEC 27002 (security controls). As an international management system standard, it provides guidance on protecting privacy, including how organizations should manage personally identifiable information, and helps organizations demonstrate compliance with privacy regulations around the world.

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an EU regulation that requires organizations to protect the personal data and privacy of individuals in the European Union. GDPR applies to all companies processing or holding the personal data of data subjects located in the EU, regardless of where the company itself is located. PingCAP has joined the EU Cloud Code of Conduct and has submitted its Declaration of Adherence to the Code to demonstrate compliance with the GDPR.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is designed to promote and enhance cardholder data security and to facilitate the widespread adoption of uniform data security measures around the world.

HIPAA

HIPAA is United States legislation that establishes data privacy and security requirements for the protection of healthcare data. As the foundational healthcare industry regulation in the United States, it sets the requirements that any company handling protected health information must meet.

For organizations in healthcare and related fields subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), PingCAP can support customer data covered by HIPAA once a Business Associate Agreement (BAA) has been properly executed with PingCAP.

PingCAP HIPAA Compliance FAQ

PingCAP HIPAA Whitepaper