Compliance achievements give SaaS businesses and enterprises third-party validation of the rigorous Citus Cloud database security practices

SAN FRANCISCO, Nov. 13, 2018 - Citus Data, a leading provider of scale-out Postgres database technologies, today announced that Citus Cloud, its fully-managed database as a service, can be used to manage protected health information (PHI), and to build HIPAA-compliant applications on top of Postgres. This means that customers who process, maintain, and store PHI data can now build applications on top of the Citus Cloud database as a service, confident they will meet healthcare compliance requirements of the Health Insurance Portability and Accountability Act (HIPAA). As part of Citus Cloud’s HIPAA support, customers can now execute a Business Associate Agreement (BAA) with Citus Data.

In addition, Citus Data is announcing that its Citus Cloud database as a service has achieved a SOC 2 Type 2 report. The Citus Cloud database as a service is audited at least annually against the SOC reporting framework by an independent third-party auditor—and achieved the SOC 2 Type 2 report earlier in 2018. The SOC 2 Type 2 compliance audit covers controls for Security, Availability, and Confidentiality. Now, enterprises and SaaS businesses who need the performance and scale of a distributed Postgres database can use the Citus Cloud database as a service with increased confidence in the Citus Cloud team’s security practices.

“By enabling developers to build HIPAA-compliant applications on top of Postgres, and by achieving our SOC 2 Type 2 report, we’ve validated that the Citus Cloud database as a service is a trusted solution for working with even the most sensitive personal data,” said Citus Data VP of Marketing Claire Giordano. “Regardless of sector or size of organization, we give our Citus Cloud customers a way to grow their applications without worrying about how to scale their database. We are pleased to announce we are bringing this same peace of mind to healthcare and to applications where compliance matters.”

“As a fast-growing business that handles sensitive consumer data, we take compliance very seriously in order to earn, and keep, our clients’ trust,” said Seamus Abshere, CTO at Faraday. “Therefore, HIPAA compliance and the SOC 2 Type 2 report are key certifications we look for in our vendors. The fact that the Citus Cloud database supports HIPAA-compliant applications and has achieved the SOC 2 Type 2 report was an important factor in deciding how to scale out our Postgres database in the cloud.”