OceanBase supports a comprehensive identity authentication mechanism, including password complexity policies and login failure handling policies.
OceanBase supports complete role management and permission management strategies, and supports network whitelist functions, etc.
The communication between OceanBase components and between customer applications and OceanBase databases supports encrypted transmission.
OceanBase supports transparent data encryption (TDE), which automatically encrypts data when it is stored on disk and automatically decrypts it when it is read.
OceanBase supports comprehensive SQL diagnostic functions for viewing topsql, slowsql, suspicious SQL, and high-risk SQL. It also supports SQL auditing, which can retain SQL execution records for a long time.
OceanBase has a professional security team responsible for the operation and management of network security, including network boundary management, host protection, vulnerability scanning, penetration testing, and emergency response after security incidents.
OceanBase has established a complete process system covering the entire life cycle of data protection, and uses technical mechanisms to safeguard the company's physical security, computer security and data security.
OceanBase collects and uses users' personal data based on the principle of minimization, and safely stores the collected user data. Users can also contact us at any time to delete their personal data.
OceanBase conducts background investigations/checks on its employees and requires employees who serve customers to take continuous security training.
Before purchasing OceanBase Cloud Services, customers need to sign a Data Processing Addendum, which divides the responsibilities for processing personal data uploaded by customers to the database. As the controller of data, customers need to ensure that their data processing, data storage and data distribution comply with applicable laws and regulations.
Through the construction of various high-availability capabilities, OceanBase cloud service promises an SLA of no less than 99.99%. For more detailed information, please refer to the Service Level Agreement.
To avoid the failure of a single cloud vendor affecting service availability, OceanBase cloud services support multi-cloud deployment. Currently, it supports mainstream cloud vendors in the industry, such as Alibaba Cloud, Tencent Cloud, Huawei Cloud, AWS Cloud, and GCP Cloud.
OceanBase cloud service adopts multi-copy deployment, and the Paxos protocol is used to synchronize log data between multiple copies. When the primary copy is unavailable, the secondary copy supports autonomous election of the primary copy. Multiple copies can be deployed across data centers (availability zones), thus avoiding the impact of failure in a single data center (availability zone).
OceanBase cloud service supports cross-city (Region) master-slave cluster deployment. When the availability zone of the primary city is unavailable, the cluster in the backup city can be enabled to provide services, thereby achieving remote disaster recovery.
OceanBase has successfully completed the first adherence process for the EU Cloud Code of Conduct (EU Cloud CoC). This achievement showcases OceanBase’s commitment to transparently demonstrate how OceanBase Cloud services meet GDPR compliance requirements.
The EU Cloud CoC is a comprehensive framework that enables cloud providers to legally demonstrate their GDPR compliance efforts and thereby promotes standardization, transparency, and accountability. Greenlit by the European Data Protection Board (EDPB), the Code has become a trusted benchmark for safeguarding personal data, supporting risk assessments, and harmonizing compliance practices across the cloud industry.
To achieve adherence to the Code, cloud providers must undergo a robust compliance assessment performed by an independent, accredited monitoring process. This recognition underscores the company's dedication to delivering secure and reliable cloud services, enabling customers to benefit from transparency, consistency, and legal certainty.
To gain further insights on OceanBase’s adherence, access the EU Cloud CoC Public Registry and download the Public Report.
ISO27001 stipulates the best practices for the establishment and implementation of information security management systems (ISMS).
OceanBase has perfected the management of the company's physical security, network security and data security. OceanBase invited the British Standards Institution (BSI) to review the company's information security management system and obtained the certificate.
ISO27701 is a management system for privacy data protection and a guide for establishing, implementing, maintaining and continuously improving a privacy information management system (PIMS).
As a data controller, OceanBase complies with applicable laws and regulations in the collection, use and storage of personal data. As a data processor, OceanBase provides technical support for customers to process personal data. OceanBase provides a series of security capabilities to enhance the security of customer personal data and defines the responsibilities of OceanBase and its customers for data processing through a data processing addendum. OceanBase invited the British Standards Institution (BSI) to review the company's privacy information management system and obtained the certificate.
ISO27018 provides best practices for personal data processors to protect personal data in public cloud environments.
OceanBase public cloud services provide database services to many customers. To protect the security of customer personal data, OceanBase has formulated a series of systems and established a dedicated SRE team and security team. OceanBase invited the British Standards Institution (BSI) to review the company's public cloud personal information protection management system and obtained the certificate.
ISO9001 certification is a globally recognized quality management system (QMS). ISO9001 provides a complete framework and methodology that can help companies provide customers with continuous high-quality products and services, and can also ensure that the company's daily management complies with legal and regulatory requirements.
OceanBase has implemented a quality management system (QMS) to safeguard the consistency of products and services. OceanBase invited CEPREI to review the company's quality management system and obtained the certificate.
ISO20000 is an IT service management system (ITSM). ISO20000 manages IT issues through "IT service standardization", develops service plans based on service level agreements (SLAs), and monitors the implementation of service plans.
OceanBase provides an L1-L2-L3 level after-sales service system that can provide customers with 7*24 hours of uninterrupted service. OceanBase conducts customer service satisfaction surveys twice a year and makes continuous improvements based on the survey results. OceanBase invited CEPREI to review the company's service management system and obtained the certificate.
The ISO22301 management system framework can help enterprises develop an integrated management process, enable enterprises to identify and analyze potential disasters, and provide an effective management mechanism to prevent or offset these threats and reduce the losses caused by disasters to enterprises.
OceanBase completes business continuity risk assessments every year and develops emergency response plans for identified important risks. OceanBase conducts regular drills based on the emergency response plans. OceanBase invited CEPREI to audit the company's business continuity management system and obtained the certificate.
SOC is formulated by the American Institute of Certified Public Accountants (AICPA) and covers five aspects: security, availability, confidentiality, integrity, and privacy. The purpose is to ensure that service providers can manage data securely and protect the privacy and interests of users.
OceanBase invites Ernst & Young as a third party to audit corporate governance, security capabilities, and operation and maintenance processes every year, and to provide OceanBase cloud services with SOC Type II reports on security, availability, and confidentiality.
PCI DSS is an information security standard developed by the PCI Security Standards Council and is applicable to companies that transmit, store, and process cardholder data.
OceanBase invites Atsec as a third-party organization to audit the company's security governance every year. After the audit, OceanBase cloud service is determined to comply with the PCI DSS standard and becomes a PCI DSS certified service provider. Therefore, if you need to pass PCI DSS certification and you use the OceanBase cloud database service, you can submit the AOC report of the OceanBase cloud database to the Qualified Security Assessor, which can simplify database testing.