Compare compliance certifications (SOC2, HIPAA, PCI DSS, FedRAMP) across all major clouds.
Showing 20 of 20 features.
| Feature | AWS | Azure | GCP | OCI |
|---|---|---|---|---|
ISO 27001 Global Standards | Certified across all regions and most services | Certified across all regions and services | Certified across all regions and services | Certified across all regions and services |
ISO 27017 / 27018 Global Standards | 27017 (cloud security) and 27018 (PII protection) certified | 27017 and 27018 certified globally | 27017 and 27018 certified globally | 27017 and 27018 certified globally |
SOC 1 / SOC 2 / SOC 3 Global Standards | SOC 1 Type II, SOC 2 Type II, SOC 3 reports available | SOC 1 Type II, SOC 2 Type II, SOC 3 reports available | SOC 1 Type II, SOC 2 Type II, SOC 3 reports available | SOC 1 Type II, SOC 2 Type II, SOC 3 reports available |
CSA STAR Global Standards | CSA STAR Level 2 (Certification) for key services | CSA STAR Level 2 (Certification) and Level 2 (Attestation) | CSA STAR Level 2 (Certification) | CSA STAR Level 2 (Certification) |
PCI DSS Global Standards | Level 1 Service Provider; 100+ PCI-compliant services | Level 1 Service Provider; PCI DSS certified | Level 1 Service Provider; PCI DSS certified | Level 1 Service Provider; PCI DSS certified |
GDPR (EU) Regional Compliance | GDPR-compliant DPA; EU data residency in EU regions | GDPR-compliant DPA; EU Data Boundary for EU data residency | GDPR-compliant DPA; EU regions for data residency | GDPR-compliant DPA; EU sovereign cloud available |
FedRAMP (US) Regional Compliance | FedRAMP High (GovCloud); FedRAMP Moderate (commercial) | FedRAMP High (Azure Government); FedRAMP Moderate (commercial) | FedRAMP High (Assured Workloads); FedRAMP Moderate | FedRAMP High (OCI Government Cloud); FedRAMP authorized |
HIPAA (US Healthcare) Regional Compliance | BAA available; 100+ HIPAA-eligible services | BAA available; 90+ HIPAA-eligible services | BAA available; 90+ HIPAA-covered services | BAA available; HIPAA-compliant services |
SOX Compliance Regional Compliance | SOX-compliant via SOC reports; AWS Audit Manager templates | SOX-compliant via SOC reports; compliance automation | SOX-compliant via SOC reports and compliance controls | SOX-compliant via SOC reports; Oracle compliance heritage |
C5 (Germany) Regional Compliance | BSI C5 attestation for Frankfurt and Ireland regions | BSI C5 attestation for German regions | BSI C5 attestation for EU regions | BSI C5 attestation for Frankfurt region |
IRAP (Australia) Regional Compliance | IRAP PROTECTED assessment for Sydney and Melbourne | IRAP PROTECTED assessment for Australian regions | IRAP PROTECTED assessment for Australian regions | IRAP assessment for Australian regions |
Financial Services Industry-Specific | FINMA, MAS, OSFI guidance; AWS Financial Services Competency | FINMA, MAS, OSFI; Azure for Financial Services | FINMA, MAS guidance; regulated workload support | FINMA, MAS; Oracle Financial Services industry experience |
Government / Defense Industry-Specific | GovCloud (IL5), AWS Secret/Top Secret regions (IL6), ITAR | Azure Government (IL5), Azure Government Secret/Top Secret | Assured Workloads (IL4/IL5); ITAR support | OCI Government Cloud (IL5); ITAR compliant regions |
Healthcare (Beyond HIPAA) Industry-Specific | HITRUST CSF certified; FDA 21 CFR Part 11 support | HITRUST CSF certified; FDA 21 CFR Part 11; NHS (UK) | HITRUST CSF certified; healthcare API with FHIR | HITRUST CSF; Oracle Health (Cerner) integration |
Education (FERPA) Industry-Specific | FERPA compliant; education-eligible services listed | FERPA compliant; Microsoft 365 Education compliance | FERPA compliant; Google Workspace for Education | FERPA compliant; Oracle education solutions |
Compliance Dashboard Tools & Governance | AWS Audit Manager with pre-built frameworks; Security Hub compliance | Microsoft Defender for Cloud regulatory compliance dashboard | Security Command Center compliance reports; Assured Workloads | Cloud Guard with compliance recipes and dashboards |
Policy-as-Code Tools & Governance | AWS Config Rules, CloudFormation Guard, SCP guardrails | Azure Policy with built-in compliance initiatives | Organization Policy Service, Forseti, Policy Intelligence | OCI Security Zones with policy enforcement |
Audit Evidence Collection Tools & Governance | AWS Audit Manager automated evidence collection | Microsoft Purview Compliance Manager with assessments | Assured Workloads compliance monitoring; audit logs | Cloud Guard findings and OCI Audit service records |
Data Residency Controls Tools & Governance | Region selection; S3 Object Lock; data residency guardrails | Azure regions; data residency in-geo by default; EU Data Boundary | Region selection; organization policy constraints for location | Region selection; sovereign cloud for EU data residency |
Compliance Reports Access Tools & Governance | AWS Artifact for downloading audit reports and agreements | Service Trust Portal for compliance reports and white papers | Compliance Reports Manager in console for report access | Oracle Compliance portal for audit reports and certifications |
Compare compliance certifications (SOC2, HIPAA, PCI DSS, FedRAMP) across all major clouds. This tool helps multi-cloud engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.