course: Confluent Cloud Security
Maintaining Compliance and Privacy
Throughout this course, it has been noted that certain industries are highly regulated, in particular financial services, healthcare, government, energy, and more. Typically, these industries have certain regulations or specific mandates when it comes to customer, vendor, or confidential data.
Tracking these regulations and staying compliant can require a significant amount of time and effort on your part.
Here are some of the compliance and privacy regulations that Confluent Cloud provides and maintains for customers:
- SOC 1 Type 2, SOC 2 Type 2, and SOC 3 reports. Service Organization Control compliance for service organizations.
- PCI DSS. The Payment Card Industry Data Security Standards, concerning the processing, storing and transmitting of payment card information.
- CSA. The Cloud Security Alliance is the leading organization dedicated to secure cloud environment compliance. Confluent Cloud has received the CSA Star Level 1 distinction.
- ISO 27001. The International Organization for Standardization 27001 framework includes annual surveillance audits for organizations based outside of the United States.
- Financial Services Regulation. A cross-functional stakeholder compliance initiative to evaluate the Confluent Cloud offering in the context of EMEA Financial Services Regulations, in particular the European Banking Authority’s Guidelines on Outsourcing Arrangements as well as other Financial Services and Insurance regulatory frameworks throughout the world. This includes:
  - Confluent Cloud – European Regulatory Positions Statement (EBA)
  - Confluent Cloud Offering Mapping – EBA Outsourcing Guidelines
  - AWS – EBA Financial Services Addendum – Summary and Customer Requests for Documentation
  - Microsoft Customer Agreement – Confluent ISV Financial Services Amendment (EBA) – Summary and Requests for Documentation
  - Confluent Cloud Services Agreement – Exit Assistance
- TISAX. For those in the German Association of the Automotive Industry, Confluent has been audited, and we can provide our TISAX report upon request at confluent.io/trust-and-security.
- GDPR. The General Data Protection Regulation.
- CCPA. The California Consumer Privacy Act.
- HIPAA. The Health Insurance Portability and Accountability Act.
Compliance and privacy constantly evolve, with new regulations and mandates being developed on a regular basis. Confluent.io/trust-and-security provides a breakdown of the regulations and mandates as of publishing. You can review the details of each regulation, and request more information, by clicking Request Documentation at the bottom of the page.