Cloudant Security Compliance

Security Compliance Certifications

Cloudant provides a trustworthy and secure cloud database platform. The service is built on best-in-industry standards, including ISO 27001 and ISO 27002.

Top-Tier Physical Platforms

The Cloudant DBaaS is physically hosted on Tier-1 cloud infrastructure providers such as IBM (SoftLayer) and Amazon. Therefore your data is protected by the physical and network security measures employed by our hosting partners, including (but not limited to):

  • Certifications: Compliance with SSAE16, SOC1, ISAE 3402, ISO 27001, CSA, and other standards
  • Identity and access management
  • 24/7 physical security of data centers and network operations center monitoring
  • Server hardening
  • Full-system virus scanning and systems patching
  • Cloudant gives you the flexibility to choose or switch among the different providers as your SLA and cost requirements change.


Cloudant Enterprise, when hosted on IBM Softlayer, meets the required IBM controls that are commensurate with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Privacy Rule requirements. These include appropriate administrative, physical, and technical safeguards required of Business Associates in 45 CFR Part 160 and Subparts A and C of Part 164.

International Organization for Standardization (ISO)

ISO certificationCloudant is certified under the International Organization for Standardization (ISO) 27001 standard, which defines the best practices for information security management processes. The ISO 27001 standard specifies the requirements for establishing, implementing, and documenting Information Security Management Systems (ISMS) and the requirements for implementing security controls, according to the needs of individual organizations. The ISO 27000 family of standards incorporates a process of scaling risk and valuation of assets, with the goal of safeguarding the confidentiality, integrity, and availability of the written, oral, and electronic information.
Cloudant is audited by a third-party security firm and meets all of the requirements for ISO 27001: Bluemix ISO 27001:2013 Certificate of Registration.

SOC 2 Certification

SOC 2 certificationIBM provides SOC 2 reports for Cloudant. These reports evaluate IBM's operational controls with respect to criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for services providers such as SoftLayer to safeguard their customers' data and information.
Customers may request SOC 2 reports from the customer portal or contact our sales team.