Security Compliance Certifications report for internal audit clearance for OSD/ROSA/ARO clusters

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4
  • Azure Red Hat OpenShift (ARO)
    • 4

Issue

  • Need SOC 2 Type 2 report for OSD/ROSA/ARO deployment for internal audit clearance.
  • Need SOC 3 report for OSD/ROSA/ARO.
  • How to get the PCI-DSS certification report?
  • How to get the ISO 27001 certification report?

Resolution

Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

For ARO, please refer to the Azure compliance documentation.

For OSD and ROSA, open a support case on the Red Hat Customer Portal and include the following information, as required:

  • Provide a Non-Disclosure Agreement (NDA) or Enterprise Agreement so that the SOC 2 / ISO 27001 / PCI-DSS report can be shared.

  • Is the request for a certificate or attestation?

  • Please provide the certification program you are requesting:

    • ISO 27001 / SOC 2 / PCI-DSS / Other (please provide details)
  • Please detail the business need for this request:

    • Is this request for a potential Client / Sales / Marketing / Legal / Other (please provide details)?
  • Please provide the recipient information, including whether this request is for an internal group or an external client. If this request is for an external client, please provide the additional information as follows:

    • Business Name
    • Contact Name
    • Contact Number
    • Email Address

In addition to the above, while SOC 2 reports are restricted-use reports with regard to whom they may be shared with, a SOC 3 report provides assurance about the same controls relevant to security, availability, processing integrity, confidentiality, or privacy. It can be made available to the public and freely distributed.

Root Cause

For OSD and ROSA, a support case must be opened with Red Hat to obtain the required information about Security Compliance Certifications reports.
