We are excited to announce that Astro, the fully managed data orchestration platform designed and operated by the core developers behind Apache Airflow and OpenLineage, is now compliant with HIPAA and PCI-DSS security standards.
Astro is a cloud-native platform that improves the open-source Airflow experience, helping teams build pipelines faster, make sense of their data ecosystems, and reduce operational management and risk. In addition to helping customers meet regulatory requirements and industry standards, Astro’s HIPAA and PCI-DSS compliance gives customers added confidence that the data they store, transmit, or process is secure while reducing the risk of data breaches and the costly fines that can result.
HIPAA (the Health Insurance Portability and Accountability Act) is a regulation that ensures data privacy and security for the use and disclosure of protected health information. Compliance with HIPAA on Astro works on a shared responsibility model, meaning that public cloud providers, Astronomer, and the customer must each fulfill their obligations — including abiding by a contract called a Business Associate Agreement (BAA) — to ensure proper HIPAA compliance.
PCI-DSS (the Payment Card Industry Data Security Standard), established in 2006, is a set of global security standards for handling credit card data. There are 12 rigorous requirements for PCI-DSS compliance, and meeting them helps protect sensitive data, prevent financial loss, and improve organizational reputation.
Astro’s HIPAA and PCI-DSS compliance builds on its previous AICPA SOC 2 certification and Astronomer’s GDPR (General Data Protection Regulation) compliance. Combined with Astro Runtime, the most secure distribution of Airflow, Astro is the only managed Airflow service suitable for customers requiring high levels of data security and protection.
If you’re running Airflow in regulated environments, let us show you how teams like yours are adopting Astro for their data orchestration needs.