Security

Compliance & Certifications

Meeting the highest international standards for data protection and operational security.

CrateDB is trusted by organizations that operate in highly regulated environments — from manufacturing and energy to finance and SaaS.
Security and compliance are built into our DNA.

Through rigorous certification programs, auditing, and security governance, CrateDB ensures that your data platform aligns with global standards for confidentiality, integrity, and availability. Whether running CrateDB Cloud or self-managed deployments, you benefit from practices that meet enterprise-grade compliance requirements.

ISO 27001: Information Security Management

CrateDB Cloud is certified under ISO 27001, the internationally recognized standard for information security management systems (ISMS).
This certification confirms that CrateDB maintains formalized processes for:

  • Risk management and mitigation
  • Data confidentiality, integrity, and availability
  • Continuous monitoring and improvement of information security controls
ISO 27001 demonstrates that CrateDB follows strict governance and operational standards across its infrastructure, personnel, and software lifecycle.

SOC 2 Type 2: Trust and Accountability

CrateDB Cloud is SOC 2 Type 2 compliant on AWS and Azure, validating the security, availability, and confidentiality of the service.
This independent audit, conducted annually, assesses CrateDB’s controls across:
  • System security and data access
  • Availability and uptime
  • Confidentiality and data privacy practices
SOC 2 Type 2 compliance ensures that our managed services meet the expectations of enterprise and regulated customers for long-term operational reliability.

Secure by design

Beyond certifications, CrateDB’s architecture and operational practices align with industry security frameworks and best practices:
  • Encryption at rest and in transit protects data across all layers.
  • Role-Based Access Control (RBAC) ensures principle-of-least-privilege enforcement.
  • Audit logging provides full traceability for compliance audits.
  • Vulnerability management and regular patching protect the system against emerging threats.
  • Cloud infrastructure hardening follows CIS and NIST best practices.

Why it matters

  • Regulatory readiness: Meet compliance requirements for GDPR, ISO, SOC 2, and other regional mandates.
  • Enterprise trust: Demonstrate data protection to partners, auditors, and customers.
  • Operational assurance: Proven controls for data security, incident management, and disaster recovery.
  • Peace of mind: A security program continuously monitored, audited, and improved by dedicated professionals.