MongoDB Cloud Services
Compliance and Privacy

MongoDB Cloud Services have been independently audited and confirmed to meet privacy and compliance standards that test for data safety, privacy, and security. MongoDB, Inc. is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our suite of cloud services is built from the ground up to address the most rigorous security and privacy demands of our customers.

SOC

The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.


A SOC 2 audit gauges the effectiveness of a cloud service provider’s (CSP) system based on the AICPA Trust Service Principles and Criteria. An Attest Engagement under Attestation Standards (AT) Section 101 is the basis of a SOC 2 report.

At the conclusion of a SOC 2 audit, the service auditor renders an opinion in a SOC 2 Type 1 report, which describes the CSP’s system and assesses the fairness of the CSP’s description of its controls. It also evaluates whether the CSP’s controls are designed appropriately and were in operation on a specified date.

MongoDB covered cloud services are audited at least annually against the SOC reporting framework by independent third-party auditors. The audit for MongoDB cloud services covers controls for data security as applicable to in-scope trust principles for each service.

MongoDB has achieved the SOC 2 Type 1 report for MongoDB Atlas. In general, the availability of the SOC 2 report is restricted to customers who have signed nondisclosure agreements with MongoDB.

EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield is a legal mechanism designed by the U.S. Department of Commerce and the European Commission that enables transfers of personal data from the EU to the United States. MongoDB complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.


To learn more about the Privacy Shield program, and to view our certification, click here.

MongoDB’s participation in the Privacy Shield applies to all personal data that is processed as part of MongoDB’s cloud-based services and is received from the European Union and European Economic Area. MongoDB will comply with the Privacy Shield Principles in respect of such personal data.

We encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) question.


MongoDB Cloud Services run on top of Amazon Web Services, Microsoft Azure, and Google Cloud Platform; each cloud provider undergoes its own series of independent third-party audits on a regular basis.