Regions Not Included in the Cloud Provider Compliance Report

On occasion, cloud providers (AWS, GCP, and Azure) may release regions before they are formally included in their compliance reports, and NetApp Instaclustr may add support for them prior to their certification. After conducting a risk assessment, Instaclustr may add regions to the platform before they are included on the compliance reports if it is deemed to be low risk. In these circumstances customers need to be aware and accept any risks before operating in these regions.  

Generally, these regions have only been very recently released by the cloud provider and have not yet passed through the required formal compliance checks to be included in the compliance documentation. Other documents describe the ongoing system and environment controls of cloud providers between report cycles, but they are not audited compliance reports. NetApp Instaclustr does not view these documents as sufficient to assert that customers can rely on them for compliance. Customers should review the cloud provider documentation directly to assess their compliance with requirements. 

NetApp Instaclustr will employ the same security procedures, controls, and auditing process on clusters which operate in these regions when compared with equivalent clusters created in regions which do appear on compliance reports.  

The following describe regions supported on the Instaclustr platform which are not yet covered by relevant compliance reports:  

Customers who choose to operate in these regions on the NetApp Instaclustr platform need to be aware of the compliance risk and evaluate if they are suitable for their security and compliance requirement. NetApp is unable to provide any timelines on when Cloud Providers may add these regions to their compliance documentation, and customers need to manage the ongoing risk.  

If you have any questions, please reach out to Instaclustr Support.