Compliance
MariaDB is committed to safeguarding the privacy and security of our customers. This includes a robust compliance program that carefully considers data protection matters, including ISO 27001, GDPR and HIPAA requirements. MariaDB operates in accordance with the following compliance requirements:
ISO/IEC 27001:2013
MariaDB has established and maintains an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 certification standards for SkySQL, MariaDB ID and Remote DBA systems.
ISO/IEC 27001:2013 is a globally recognized standard for the establishment and certification of an Information Security Management System (ISMS). The standard specifies the requirements for the implementation of a continuous security program with adequate and proportionate security controls.
MariaDB’s third-party ISO certification was performed by Coalfire and is available for download here.
HIPAA
MariaDB enables customers that are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use MariaDB SkySQL’s database-as-a-service (DBaaS) to process, maintain and store protected health information (PHI).
HIPAA provides federal data privacy and security safeguards for PHI. It applies to organizations that are HIPAA “covered entities,” including healthcare providers, health plans and healthcare clearinghouses.
The HIPAA requirements also extend to “business associates,” or businesses that work with the covered entities to create, receive, maintain or transmit PHI. Business associates are required to enter into a Business Associate Addendum (BAA) with covered entities to ensure that PHI is adequately protected. Under the HIPAA regulations, MariaDB and other database service providers are considered business associates.
To begin the process of entering into a BAA with MariaDB for MariaDB SkySQL, please speak to your sales representative or contact us at legal@mariadb.com.
Please note that each customer is responsible for independently evaluating its own use of MariaDB’s services as appropriate to support its legal and compliance obligations. There is no certification recognized by the U.S. Department of Health and Human Services for HIPAA compliance, and complying with HIPAA is a shared responsibility between the customer and MariaDB.
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. We are committed to our customers’ success, including supporting their GDPR compliance efforts. Additional information can be found in our Privacy Policy and GDPR FAQ.
Data Processing Addendum
We make it easy to sign and submit the MariaDB Data Processing Addendum (DPA). MariaDB offers a DPA as a means of meeting GDPR adequacy and security requirements. The DPA is pre-signed by MariaDB; you can submit it by sending a signed copy to legal@mariadb.com.
Infrastructure Subprocessors
MariaDB owns and controls logical access to the infrastructure maintained by the entities set forth below, while these entities maintain the physical security of the servers, network and data center. You can opt in to receive an email notification upon changes to our subprocessors via the form below.