MongoDB Cloud Services have been independently audited and confirmed to meet privacy and compliance standards that test for data safety, privacy, and security. MongoDB, Inc. is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our suite of cloud services are built from the ground up to address the most rigorous security and privacy demands of our customers.
A SOC 2 audit gauges the effectiveness of a cloud service provider’s (CSP) system based on the AICPA Trust Service Principles and Criteria. An Attest Engagement under Attestation Standards (AT) Section 101 is the basis of SOC 2 report.
At the conclusion of a SOC 2 audit, the service auditor renders an opinion in a SOC 2 Type 1 report, which describes the CSP’s system and assesses the fairness of the CSP’s description of its controls. It also evaluates whether the CSP’s controls are designed appropriately and were in operation on a specified date.
MongoDB covered cloud services are audited at least annually against the SOC reporting framework by independent third-party auditors. The audit for MongoDB cloud services covers controls for data security as applicable to in-scope trust principles for each service.
MongoDB has achieved the SOC 2 Type 1 report for MongoDB Atlas. In general, the availability of the SOC 2 report is restricted to customers who have signed nondisclosure agreements with MongoDB.
EU-U.S. Privacy Shield
To learn more about the Privacy Shield program, and to view our certification, click here.
MongoDB’s participation in the Privacy Shield applies to all personal data that is processed as part of MongoDB’s cloud-based services and is received from the European Union and European Economic Area. MongoDB will comply with the Privacy Shield Principles in respect of such personal data.
We encourage you to contact us should you have a Privacy Shield-related (or general privacy-related) question.
MongoDB Cloud Services run on top of Amazon Web Services, Microsoft Azure, and Google Cloud Platform; each cloud provider undergoes its own series of independent third-party audits on a regular basis.