Redis Labs is SOC 2 Compliant

We are excited to announce that Redis completed the SOC 2 Type II compliance audit.

Redis attaches a lot of importance to data protection and security. The SOC 2 compliance audit further fulfills the commitment Redis has towards delivering a high degree of trust and security to its customers.

What is SOC 2 compliance?

Service Organization Control (SOC) 2, set by The American Institute of CPAs (AICPA), verifies service organizations for assurances about security, availability, processing integrity, confidentiality and privacy.

How does it benefit you?

Redis offers Redis Enterprise databases both as software and a service. The Redis Enterprise Database as a Service(DBaaS) is available in two models: (1) Cloud (Hosted) service where Redis manages your database services and data, and (2) VPC (Managed) service where Redis manages the database service in your virtual private cloud.

Both DBaaS models are included in the SOC 2 compliance, which assures:

  • Secure infrastructure: Redis Enterprise provides multi-layered security configurations that leverages the security principles of the underlying cloud platform. Redis Enterprise also allows data encryption in transit and in storage.
  • Data privacy and PII protection: The Redis Enterprise architecture provides separate paths for administrative access and data access. This differentiation enables Redis Enterprise to keep information private from the operations team. The Redis operations team managing the Redis Enterprise-as-a-Service can access only the management interface; the data layer is completely isolated.
  • Procedures for access control: Redis enforces proper procedures for authentication and access controls. Role-based authentication ensure enforcement of adequate access controls.
  • Service availability: Redis Enterprise has effective controls in place to prevent service disruptions due to unforeseen events such as TCP-connection flooding, buffer overflow, memory overflow, CPU overutilization, etc.

Redis’ SOC 2 compliance takes you closer to meeting the other compliance requirements that are relevant to your industry or territory.