
Our commitment to security compliance

We build a secure and compliant environment for our customers by:


  • Selecting the most relevant industry standards and attestations for our products and services, and continuing to develop and expand our security and compliance portfolio.

  • Implementing and maintaining security policies and procedures based on industry best practices and regulatory requirements.

  • Performing regular audits and risk assessments to monitor security and changes in the environments, and to identify new and emerging risks to test our policies.

Certifications

Cloudera is committed to protecting your data through robust compliance programs and industry best practices. We validate our efforts with third-party audits and certifications, proactively manage threats, and optimize resources with clear policies and controls. This approach maximizes system uptime and helps our customers meet critical security and privacy standards.

SOC2

SOC 2, developed by AICPA, assesses the information security controls of service providers to manage risks in outsourced services handling customer data.

ISO/IEC 27001:2022

ISO/IEC 27001 outlines requirements for creating, maintaining, and improving an ISMS to help organizations secure their information assets.

PCI 4.0

Payment Card Industry (PCI) provides standards to protect cardholder data. Companies that accept, store, or transmit cardholder data, or that affect the security of the cardholder environment, must comply with PCI standards.

FedRAMP (In-Progress)

FedRAMP sets security standards for cloud products used by U.S. government agencies. Cloudera is currently "In Process" with our Cloudera for Government offering.

CyberEssentials+ 

CyberEssentials+ provides a strong baseline for cybersecurity for organizations in the UK.

TISAX

TISAX is a security standard for the automotive industry, ensuring manufacturers, suppliers, and service providers meet specific information security requirements for secure data exchange.

StateRAMP (In-Progress)

StateRAMP establishes security standards for cloud solutions used by state and local governments.

Customer Trust Center

The security of your data is essential. 

Our Customer Trust Center is designed to provide you with comprehensive insights into how we safeguard your data and maintain your privacy. The site is regularly updated with the latest information about our security practices, privacy policies, and compliance program information. We invite you to visit this section frequently to stay up-to-date and informed.

 

Our Customer Trust Center provides you with:

  • 60+ documents, including policies, procedures, and certifications.

  • 250+ answers to frequently asked security-related questions

  • Security questionnaire automation

  • Comprehensive search capabilities that allow users to search across all documents and FAQs


Risk management

By implementing risk management processes, organizations can mitigate potential risks by addressing them before they escalate into significant issues.

Cloudera risk management program: A proactive approach

Cloudera’s comprehensive risk management program is designed to effectively manage risks to our organization’s valuable assets. This program enables us to ensure business continuity despite the potential threats facing us. We use an integrated control and risk framework to provide a structured approach to our risk management process and to provide awareness about risk management across the organization. More information on our risk management process can be found within our Risk Management Policy.

Key benefits


  • Asset protection. Ensuring the integrity of our systems and security of sensitive data.

  • Customer trust. Building confidence in our organization through our security focus.

  • Regulatory compliance. Adhering to regulatory requirements to build trust and reliability.

  • Organizational resilience. Adapting quickly to the changes in the threat landscape.

  • Enhanced risk awareness. Promoting engagement with teams across the organization.

  • Continuous improvement. Enhancing current risk strategies on an ongoing basis.

Cloudera risk management process overview

Cloudera’s risk management process contains several steps from the identification of risks to the continuous monitoring of the risks within the organization.
 

The steps include:

1. Risk identification: Noting any internal or external risks that could potentially impact Cloudera is the first step of the risk management process. Identified risks are documented in a centralized risk register.
 

2. Risk assessment/analysis: Using qualitative and quantitative analysis, Cloudera reviews each risk found during the risk identification phase to determine the likelihood that the risk will be realized and the severity of impact. Risks are prioritized based on the outcome of this analysis.

Intake criteria include:

  • Probability of occurrence

  • Financial impact

  • Reputational impact

  • Legal / regulatory impact

  • Customers in scope

  • Operational impact

3. Risk mitigation: During the mitigation phase, Cloudera teams develop strategies to reduce the probability of risks and their impacts. Risk mitigation involves introducing or modifying security controls.
 

4. Implementation/treating the risk: A risk treatment strategy is used for those risks that are above the acceptable risk threshold. A risk treatment plan is created, which includes assigning responsibilities and allocating resources to ensure effective execution of these strategies.
 

5. Monitoring and review: Regular monitoring and review of the risks is an ongoing process in which Cloudera evaluates the effectiveness of the risk management methods that have been established. Ultimately, the goal is to ensure that the risk management plan remains relevant despite changes to internal and external factors.

Third-party risk management

A key component of our risk management program is our risk assessment of third-party vendors. Cloudera provides:

  • Fourth-party monitoring for critical vendors

  • Continuous security score monitoring in accordance with NIST 800-53 rev. 5

  • Annual screening / vendor reviews, and confirmation prior to renewal

     

Legal

Cloudera ensures customer privacy by complying with legal and regulatory requirements.

GDPR


The European Union General Data Protection Regulation (GDPR) is a comprehensive data privacy and security law that protects personal data of individuals in the European Union (EU) or European Economic Area (EEA). Substantial fines are issued against those who violate its privacy and security standards.

CCPA


The California Consumer Privacy Act (CCPA) is a set of regulations that protect the data privacy rights of California residents.
