The following statement is hereby made for this document.
- This document is intended to provide an overview of Tencent Cloud's security measures for TencentDB products and services, which are subject to change. If you have any mandatory requirement, you are recommended to enter into a service level agreement (SLA) with Tencent Cloud. Tencent Cloud makes no guarantees or warranties, express or implied, about the content of this document.
- This document only involves "part of" the technical security features among the wide range of security features.
- This document is not intended as a reference document for national or industry-specific information security standards or requirements.
- This document has been adapted for readability. In the event of any ambiguity or inaccuracy, please refer to Item 1.
- Tencent Cloud reserves the right to interpret this document.
TencentDB has passed and meets the security requirements of the following certifications:
Some features of TencentDB are designed based on the following standards:
Management and technical security requirements of TencentDB comply with China's Cybersecurity Classified Protection (Level 3). Some of the product features meet the standards of Classified Protection of Information System of Financial Industry (Level 4).
To improve the security of database server system and ensure the security of various OPS activities, Tencent Cloud has implemented a series of security reinforcement measures, including but not limited to:
For TencentDB management systems and admins, a discretionary access control scheme is implemented, including but not limited to:
A comprehensive security audit and risk management mechanism is provided: audit features include but are not limited to audit for database operations, management system operations, file operations, external device operations, unauthorized external connections, IP address changes, and services and processes.
The audit range covers each operating system user and database user in the server, with crucial security-related system events audited, such as Tencent Cloud admin behaviors, exceptional system resource usage, and use of important system commands. Audit records contain information like event date, time, type, subject ID, object ID, and result, and can be stored for over a year in a location with a higher level of security in order to avoid unexpected deletion, modification, or overwriting.
Tencent Cloud takes multi-dimensional approaches to intrusion prevention for database servers:
TencentDB provides data backup and restore features by default.
For returned or replaced devices, Tencent Cloud will clear the residual information promptly, so that the storage capacity (memory and disk) where the previous user's sensitive information such as authentication information, files, directories, and database records is stored will be released in time or completely cleared before the devices are reassigned to other users.
Tencent Cloud's internal OPS personnel are required to go through a two-factor authentication and non-repudiation process when logging in to the system. All the personnel involved have signed a NDA.