PCI onboarding
PCI compliance is available in the Enterprise plan. To upgrade, visit the plans page in the cloud console.
ClickHouse offers services that are compliant with the Payment Card Industry Data Security Standard (PCI-DSS) and is audited to Level 1 Service Provider requirements. Customers may process primary account numbers (PAN) within these services by enabling this feature and deploying services to a compliant region.
For more information about ClickHouse's compliance program and third-party audit report availability, review our compliance overview. For a copy of our PCI shared responsibility document, visit our Trust Center. Additionally, customers should review our security features page to select and implement appropriate security controls for their workloads.
This page describes the process for enabling deployment of PCI compliant services in ClickHouse Cloud.
Sign up for Enterprise services
- Select your organization name in the lower left corner of the console.
- Click Billing.
- Review your Plan in the upper left corner.
- If your Plan is Enterprise, then go to the next section. If not, click Change plan.
- Select Switch to Enterprise.
Enable PCI for your organization
- Select your organization name in the lower left corner of the console.
- Click Organization details.
- Toggle Enable PCI on.
- Once enabled, PCI services can be deployed within the organization.
Deploy services to PCI compliant regions
- Select New service in the upper left corner of the home screen in the console.
- Change the Region type to HIPAA compliant.
- Enter a name for the service and enter the remaining information.
For a complete listing of PCI compliant cloud providers and services, review our Supported cloud regions page.
Migrate existing services
Customers are strongly encouraged to deploy services to compliant environments where required. The process to migrate services from a standard region to a PCI compliant region involves restoring from a backup and may require some downtime.
If migration from standard to PCI compliant regions is required, follow these steps to perform self-service migrations:
- Select the service to be migrated.
- Click Backups on the left.
- Select the three dots to the left of the backup to be restored.
- Select the Region type to restore the backup to a PCI compliant region.
- Once the restoration is complete, run a few queries to verify the schemas and record counts are as expected.
- Delete the old service.
Services must remain in the same cloud provider and geographic region. This process migrates the service to the compliant environment in the same cloud provider and region.
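One way to carry out the verification step above, as an added example that is not part of the original ClickHouse documentation: run the same statements on the old service and on the restored service, then compare the output. The queries read only metadata from system.tables and system.columns, so no cardholder data is returned. The name my_database.my_table is a placeholder.

```sql
-- Run on BOTH the old service and the restored PCI service, then diff the results.

-- 1. Per-table row count and a fingerprint of the table definition.
--    total_rows is NULL for engines that do not track rows (for example, views).
SELECT
    database,
    name AS table_name,
    engine,
    total_rows,
    hex(sipHash64(create_table_query)) AS ddl_fingerprint
FROM system.tables
WHERE database NOT IN ('system', 'INFORMATION_SCHEMA', 'information_schema')
  AND NOT is_temporary
ORDER BY database, table_name;

-- 2. Column-level fingerprint per table (position, name and type of every column).
--    Useful if the DDL text in query 1 differs and you need to know whether
--    the column definitions themselves still match.
--    groupBitXor makes the result independent of row order.
SELECT
    database,
    table,
    count() AS column_count,
    hex(groupBitXor(sipHash64(position, name, type))) AS columns_fingerprint
FROM system.columns
WHERE database NOT IN ('system', 'INFORMATION_SCHEMA', 'information_schema')
GROUP BY database, table
ORDER BY database, table;

-- 3. Exact count for a table you want to confirm explicitly.
--    my_database.my_table is a placeholder; substitute a real table.
SELECT count() AS exact_rows
FROM my_database.my_table;
```

If writes continued on the old service after the backup was taken, row counts there will be higher than on the restored service; compare against the counts as of the backup time before deleting the old service.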
