Auditing, privacy, and compliance

Databricks has features that allow you to audit and monitor detailed usage patterns. Not all audit and monitoring features are available on all pricing tiers. The following table contains an overview of the features and how they align to pricing plans.

Feature

Pricing tier

Audit logs

Premium

Compliance security profile

Enterprise

HIPAA compliance controls

Enterprise

PCI-DSS compliance controls

Enterprise

FedRAMP Moderate compliance controls

Enterprise

Infosec Registered Assessors Program (IRAP) compliance controls

Enterprise

Enhanced security monitoring

Enterprise

Audit log schemas for security monitoring

Enterprise

Audit logs

Databricks provides access to audit logs of activities performed by Databricks users, allowing you to monitor detailed usage patterns. You can configure two types of audit and usage logging:

Privacy and compliance

Databricks has put in place controls to meet the unique compliance needs of highly regulated industries.

To learn how you can use Delta Lake on Databricks to manage General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) compliance for your data lake, see GDPR and CCPA compliance with Delta Lake

For more information about privacy and compliance and Databricks, see the Databricks Security and Trust Center.

The compliance security profile

You must enable the compliance security profile to use Databricks to process data that is regulated under the following compliance standards:

You can enable the compliance security profile on all existing and future workspaces in your Databricks account or on specific workspaces. See Compliance security profile.

You are solely responsible for ensuring your own compliance with all applicable laws and regulations.

Enhanced security monitoring

Enhanced security monitoring provides an enhanced hardened disk image and additional security monitoring agents that generate logs that you can review. See Enhanced security monitoring.

Enhanced security monitoring enables several additional monitoring agents. The output for these monitoring agents is available within Databricks audit logs. For more information, see Additional security monitoring events.

If you enable the compliance security profile, this feature is automatically enabled.

Automatic cluster update

If enabled on a workspace, automatic cluster update ensures that all the clusters in a workspace are periodically updated to the latest host OS image and security updates. Admins can schedule the maintenance window to update the compute resources monthly, weekly, or biweekly.

If you enable the compliance security profile, this feature is automatically enabled. Automatic cluster update can be enabled independently from the compliance security profile or enhanced security monitoring. See Automatic cluster update.