Cloudera strives to follow, and to help establish, best practices for the protection of customer-sensitive information. Cloudera takes reasonable measures to help protect sensitive information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We follow generally accepted industry and international standards to protect information submitted to us, during transmission and once it is received. In this effort, Cloudera continuously reviews and improves our security practices, infrastructure, and data-handling policies for compliance with industry security regulations and industry best practices such as ISO 27001, SOC 2, PCI and HIPAA.
Cloudera’s Information Security Management System follows ISO 27001 standards for the security of its operational processes and establishes the security controls required to meet the highest level of customer confidence in its security practices. Cloudera has received third-party certification under ISO 27001:2013, covering CDP Public Cloud, which is composed of the CDP Management console, Data Hub, Cloudera Runtime, Data Warehouse, Machine Learning, Data Engineering, Shared Data Experience (SDX), Data Lake, Data Catalog, Replication Manager, and Workload Manager.
Click to request Cloudera's ISO Certificate from our auditing firm (Certificate Number: 00395-002) or contact Cloudera Sales
SOC 2 Type 2 Examination
Cloudera has successfully completed an SOC 2 Type II Service Organization Control (SOC 2) examination for CDP Public Cloud in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA). Conducted by Frank Rimerman + Co. LLP, an independent cyber risk and IT advisory services firm, the findings affirm that Cloudera’s CDP Public Cloud platform meets the SOC 2 standards relative to the Security Trust Services Principle and Criteria.
The SOC 2 report provides assurance to Cloudera and its customers that the company has designed and implemented effective security controls, as defined in the SOC 2 standards, relative to certain of its cloud offerings. During the examination, the independent auditors evaluated and tested controls over the following domains:
Organization and management
Risk management and design and implementation of controls
Monitoring of controls
Logical access controls
To view the SOC 2 Type 2 Report, submit a request to Cloudera Sales.
Cloudera, Inc. is a participant in the Trusted Information Security Assessment Exchange (“TISAX”) with a completed assessment for Cloudera Data Platform - Public Cloud.
TISAX is a common assessment and exchange mechanism established by the German Association of the Automotive Industry (Verband der Automobilindustrie, “VDA”) for the purposes of facilitating evaluations against the VDA Information Security Assessment (“VDA ISA”), a catalogue of common criteria for assessing information security for the wide range of suppliers to the automotive industry.
The ENX Association implements and supports TISAX on behalf of the VDA. TISAX assessments are conducted by audit providers that are accredited by the ENX Association at regular intervals. TISAX and TISAX results are not intended for the general public.
Cloudera values the importance of maintaining the confidentiality, availability and integrity of information. With this in mind, Cloudera had a TISAX assessment completed for our Cloudera Data Platform - Public Cloud product in accordance with the VDA ISA. Our TISAX assessment was conducted by TÜV SÜD Management Service GmbH, an audit provider accredited by the ENX Association.
Participant ID - PHKFZ2/ScopeID - SLLZW2
PCI DSS 3.2 SAQ-A
Cloudera follows the Payment Card Industry (PCI) Data Security Standard (DSS) 3.2 for credit card handling. Compliance with PCI DSS 3.2 has been independently addressed by Cloudera internal.
Cloudera provides training for its software to business customers via ServiceRocket's LearnDot LMS application. Payments for these training courses are handled by ServiceRocket through a redirect to Stripe. Customers and Partners also pay for certain Partnerworks Fee programs via PayPal. In both cases, no cardholder data is returned from the payment processors. Cardholder data is not written to or stored on any hard drive, file, database, or other system component in the Cloudera environment during processing or after authorization. In certain instances where a customer wishes to pay via credit card for their regular Cloudera software subscription purchases, the customer is redirected to PayPal's website. When the redirect from Cloudera to PayPal occurs, strong encryption is utilized on PayPal’s website and the customer’s browser. The customer then enters the credit card number, expiration date, card verification values and billing address directly onto PayPal's website for payment authorization.
PayPal’s website is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM). After authorization, PayPal returns a transaction ID to Cloudera.
Cloudera follows the Health Insurance Portability and Accountability Act of 1996 (HIPAA) standards for protecting the privacy and security of certain health information, the HIPAA Privacy Rule, and the HIPAA Security Rule. While Cloudera does not store, process, or transmit electronic protected health information (ePHI) on behalf of its customers, Cloudera will follow the Security Rule in the event that Cloudera is inadvertently exposed to ePHI while performing services for a customer.
The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information. Specifically, covered entities must take steps to:
Ensure the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures; and
Ensure compliance by their workforce.