TencentDB for PostgreSQL has passed and meets the security requirements of the following certifications:
Some features of TencentDB for PostgreSQL are designed based on the following standards:
Management and technical security requirements of TencentDB for PostgreSQL comply with China's Cybersecurity Classified Protection (Level 3). Some of the product features meet the standards of Classified Protection of Information System of Financial Industry (Level 4).
To improve the security of database server system and ensure the security of various OPS activities, Tencent Cloud has implemented a series of security reinforcement measures, including but not limited to:
For TencentDB management systems and admins, a discretionary access control scheme is implemented, including but not limited to:
A comprehensive security audit and risk management mechanism is provided: audit features include but are not limited to audit for database operations, management system operations, file operations, external device operations, unauthorized external connections, IP address changes, and services and processes. The audit range covers each operating system user and database user in the server, with crucial security-related system events audited, such as Tencent Cloud admin behaviors, exceptional system resource usage, and use of important system commands. Audit records contain information like event date, time, type, subject ID, object ID, and result, and can be stored for over a year in a location with a higher level of security in order to avoid unexpected deletion, modification, or overwriting.
Tencent Cloud takes multi-dimensional approaches to intrusion prevention for database servers:
TencentDB provides data backup and restoration features by default. Full backup is performed at 1:00 AM every day and retained for 7 days (features such as automatic backup, custom backup retention period, and COS backup service will be available in the future). The xlog files will be automatically backed up when you perform operations and retained for 7 days. The backup files can be downloaded in Backup Management on the instance management page in the console. Full backup files are in the backup list, and xlog files required for incremental backup are in the xlog list. Data can be restored through full backup and xlog files. For more information, please see Restoring PostgreSQL Data on CVMs.
For returned or replaced devices, Tencent Cloud will clear the residual information promptly, so that the storage capacity (memory and disk) where the previous user's sensitive information such as authentication information, files, directories, and database records is stored will be released in time or completely cleared before the devices are reassigned to other users.
Tencent Cloud's internal OPS personnel are required to go through a two-factor authentication and non-repudiation process when logging in to the system. All the personnel involved have signed a NDA.