Hello,
We’re continuing to review the SingleStore Managed offering and one aspect we’re now researching is SingleStore Managed’s ability to satisfy PCI and GDPR compliance. In particular with PCI, we’re required to log all database access, DML and DDL statements with tables that contain card holder information. What actually needs logged from these 3 buckets is debatable depending on the auditor but our current auditor is looking for full logging on all these.
Looking thru the documentation here it does not look like SingleStore Managed supports this level of logging nor does it seem like we can implement these using table triggers.
Is there a solution for auditing or triggers coming to SingleStore Managed?
As a business we take privacy seriously & are compliant as a business globally. There is no such thing as a GDPR compliant database, however SingleStore offers all the functionality required to ensure end user data is adequately protected. With the right processes in place you are able to meet all subject access requests too.
SingleStore has a full audit log functionality that logs all DDL/DML/Perf so all that data is available for for customers. We do not have triggers in place or currently the functionality to audit only tables containing specific data types. This is a roadmapped feature to expose a more flexible audit logging API allowing customisation of this type. In the current iteration all this data is logged & accessible to the customer but must be interrogated by the customer to extract the relevant data as defined above.
I altogether like your gave limits as the post you passed on has some extraordinary data which is completely significant for me.