Trust center

Customers looking for increased security for protected health information (PHI) can now onboard to ClickHouse Cloud HIPAA compliant regions in AWS and GCP. ClickHouse has implemented administrative, physical and technical safeguards prescribed by the HIPAA Security Rule and has configurable security settings that can be implemented, depending on your specific use case and workload. For more information on available security settings, please review our Security Shared Responsibility Model.

Services are available in specially designated zones in AWS us-east-1, AWS us-west-2, and GCP us-central1, GCP us-east1 to customers in our Enterprise tier and require a Business Associate Agreement (BAA). Contact sales or support to request access to this feature or join the wait list for additional regions or Azure.

We are proud to announce the availability of our 2024 SOC 2 Type II report and updated ISO 27001 certificate, both of which include our recently launched services on Azure as well as continued coverage of services in AWS and GCP.

Our SOC 2 Type II demonstrates our ongoing commitment to achieving security, availability, processing integrity and confidentiality of the services we provide to you. We follow a rigorous process to design with these commitments in mind, perform continuous monitoring to ensure effectiveness of the program, and update as we add services. These processes are deeply integrated with our ISO 27001:2022 Information Security Management System (ISMS), which provides the basis for our system of controls.

For more information, check out SOC 2 - SOC for Service Organizations: Trust Services Criteria issued by the American Institute of Certified Public Accountants (AICPA) and What is ISO/IEC 27001 from the International Standards Organization (ISO).