Security and compliance certifications in Azure Database for PostgreSQL - Flexible Server
APPLIES TO: 
Azure Database for PostgreSQL - Flexible Server
Customers experience an increasing demand for highly secure and compliant solutions as they face data breaches along with requests from governments to access online customer information. Important regulatory requirements such as General Data Protection Regulation (GDPR) and Sarbanes-Oxley (SOX) make selecting cloud services that help customers achieve trust, transparency, security, and compliance essential.
To help customers meet their compliance obligations across regulated industries and markets worldwide, Azure Database for PostgreSQL flexible server builds on the Microsoft Azure compliance offerings to provide rigorous compliance certifications. Azure maintains the largest compliance portfolio in the industry in terms of both breadth (total number of offerings) and depth (number of customer-facing services in the assessment scope).
Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific. Compliance offerings are based on various types of assurances, including:
- Formal certifications, attestations, validations, authorizations, and assessments produced by independent auditing firms.
- Contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.
More detailed information about Azure compliance offerings is available from the Microsoft Trust Center.
Azure Database for PostgreSQL flexible server compliance certifications
Azure Database for PostgreSQL flexible server has achieved a comprehensive set of national/regional and industry-specific compliance certifications in the Azure public cloud. These certifications help you comply with requirements that govern the collection and use of data.
| Certification | Applicable to |
|---|---|
| HIPAA and HITECH Act (US) | Healthcare |
| HITRUST | Healthcare |
| CFTC 1.31 | Financial |
| DPP (UK) | Media |
| EN 301 549 (EU) | Accessibility |
| ENISA IAF (EU) | Public and private companies, government entities, and nonprofits |
| EU-US Privacy Shield | Public and private companies, government entities, and nonprofits |
| ISO/IEC 27018 | Public and private companies, government entities, and nonprofits that provide processing services for personal data via the cloud |
| EU Model Clauses | Public and private companies, government entities, and nonprofits that provide processing services for personal data via the cloud |
| FERPA | Educational institutions |
| FedRAMP High | US federal agencies and contractors |
| GLBA | Financial |
| ISO 27001:2013 | Public and private companies, government entities, and nonprofits |
| My Number Act (Japan) | Public and private companies, government entities, and nonprofits |
| TISAX | Automotive |
| NEN 7510 (Netherlands) | Healthcare |
| NHS IG Toolkit (UK) | Healthcare |
| BIR 2012 (Netherlands) | Public and private companies, government entities, and nonprofits |
| PCI DSS Level 1 | Payment processors and financial |
| SOC 2 Type 2 | Public and private companies, government entities, and nonprofits |
| SEC 17a-4 | Financial |
| Spanish DPA | Public and private companies, government entities, and nonprofits |
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for