Digital Operational Resilience Act (DORA)
Build your roadmap to DORA compliance with resilient and robust security, privacy, and compliance
About DORA
The Digital Operational Resilience Act (DORA) aims to establish a new benchmark for Information & Communication Technology (ICT) resilience across the EU financial sector. It applies to all financial sector entities operating within the EU (banks, investment firms, insurance companies, payment providers, crypto-asset service providers and so on) and to their third-party data and service providers, such as Snowflake.
Key Pillars of DORA
DORA consists of five key pillars: Information & Communication Technology (ICT) risk management, ICT third-party risk management, digital operational resilience testing, ICT-related incidents, and information sharing.
Snowflake's Approach to DORA
Snowflake enables DORA compliance with resilient technology, robust security measures, and tailored customer services, including certifications, audits and ongoing support. Additional DORA-related commitments for European financial institutions are outlined in Snowflake’s Financial Services Addendum. Customers can engage Snowflake’s compliance teams through dedicated consulting groups or raise concerns via SFDC Support for guidance on DORA.
The Snowflake DORA Customer User Guide and Financial Services Addendum (EMEA) are available upon request.
Please contact Snowflake by filling out the contact form and selecting ‘Security Information’ as the inquiry type, or reach out to your Account Team, for copies of reports applicable to your organization or to find out whether a particular certification will soon be available.
Data encryption
Snowflake encrypts data at rest using AES 256-bit (or better) encryption and leverages Transport Layer Security (TLS) 1.2 (or better) for data in transit to and from our platform. Snowflake's Bring Your Own Key (BYOK) model — known as Tri-Secret Secure — empowers customers to maintain complete control over their encryption keys, adding an extra layer of security.
Access control
Snowflake allows customers to define granular permissions for user roles, minimizing the risk of unauthorized access to sensitive data. Additionally, data can be classified and tagged based on its level of sensitivity, confidentiality or importance to the organization. This prioritizes security measures and simplifies data discovery.
Data governance
Snowflake offers a comprehensive list of data governance features. These include, but are not limited to, data masking, support for external tokenization and historical logging of user access history. These features further enhance the protection of customers’ sensitive data.
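The access-control and governance features described above (role-based grants, classification tags, masking policies and the access-history log) can be combined so that a column's sensitivity tag drives who sees it in clear. The following Snowflake SQL is an added example, not code from the Snowflake page; the database, schema, role and tag names are placeholders chosen for illustration.

```sql
-- Added example (assumed placeholder names: fin_db, analyst_role, compliance_role).
USE ROLE ACCOUNTADMIN;
CREATE ROLE IF NOT EXISTS analyst_role;
CREATE ROLE IF NOT EXISTS compliance_role;
CREATE DATABASE IF NOT EXISTS fin_db;
CREATE SCHEMA IF NOT EXISTS fin_db.gov;   -- tags and policies live here
CREATE SCHEMA IF NOT EXISTS fin_db.core;  -- business data lives here

CREATE TABLE IF NOT EXISTS fin_db.core.customers (
  customer_id NUMBER,
  full_name   STRING,
  iban        STRING
);

-- Least privilege: analysts can read the table but cannot change tags or policies.
GRANT USAGE  ON DATABASE fin_db              TO ROLE analyst_role;
GRANT USAGE  ON SCHEMA   fin_db.core         TO ROLE analyst_role;
GRANT SELECT ON TABLE    fin_db.core.customers TO ROLE analyst_role;

-- Classification tag restricted to a fixed set of values.
CREATE TAG IF NOT EXISTS fin_db.gov.sensitivity
  ALLOWED_VALUES 'public', 'confidential';

-- Masking policy: 'confidential' STRING columns are shown in clear only to
-- compliance_role; everyone else sees the first four characters plus a mask.
CREATE MASKING POLICY IF NOT EXISTS fin_db.gov.mask_confidential
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN SYSTEM$GET_TAG_ON_CURRENT_COLUMN('fin_db.gov.sensitivity') <> 'confidential' THEN val
    WHEN CURRENT_ROLE() = 'COMPLIANCE_ROLE' THEN val
    ELSE CONCAT(LEFT(val, 4), '************')
  END;

-- Tag-based masking: every STRING column carrying the tag inherits the policy,
-- so classifying a column is enough to protect it.
ALTER TAG fin_db.gov.sensitivity SET MASKING POLICY fin_db.gov.mask_confidential;
ALTER TABLE fin_db.core.customers
  MODIFY COLUMN iban SET TAG fin_db.gov.sensitivity = 'confidential';

-- Check: as analyst_role the IBAN is masked; as compliance_role it is not.
USE ROLE analyst_role;
SELECT CURRENT_ROLE(), iban FROM fin_db.core.customers;

-- Audit: who read the customers table in the last 7 days (ACCOUNT_USAGE lags by hours).
USE ROLE ACCOUNTADMIN;
SELECT user_name, query_start_time, obj.value:objectName::STRING AS object_name
FROM snowflake.account_usage.access_history,
     LATERAL FLATTEN(input => base_objects_accessed) obj
WHERE obj.value:objectName::STRING = 'FIN_DB.CORE.CUSTOMERS'
  AND query_start_time > DATEADD('day', -7, CURRENT_TIMESTAMP());
```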
Data resiliency
Snowflake's built-in fault tolerance and data replication support continuous access to your data, even during hardware failures. Data is automatically replicated across different availability zones within the same region. If there is an issue, the system automatically fails over to another zone, minimizing downtime.
Digital operational resilience testing
Snowflake permits customer audits and penetration tests of their own accounts in the Service. The Snowflake Service is also routinely audited by independent third-party auditors for compliance with various industry standards, including ISO 27001, SOC 1 Type II, SOC 2 Type II and PCI DSS, among others. Snowflake’s continuously expanding portfolio of supported security and compliance standards is listed on the Security & Compliance Reports page.
Scalability
Snowflake can scale near-instantly to meet planned, ad hoc or unexpected growth. Instead of paying for a fixed, limited amount of storage and compute, the amount of storage and compute grows and shrinks as your needs change over time.
Account replication and failover
Available in Business Critical and Enterprise editions, Snowflake’s account replication and failover features allow customers to replicate their entire Snowflake account, including databases and metadata, to a separate account in a different region, providing a complete disaster recovery solution. Replication is configurable, allowing customers to recover their data to a specific point in time.
Third-party monitoring
Snowflake has an established vendor risk assessment program, which evaluates the operational resilience of its sub-processors annually and on an ad hoc basis. Snowflake customers may subscribe to receive advance notifications of new sub-processors.
Proactive security
Snowflake conducts frequent vulnerability scans and engages third-party security firms to conduct penetration testing of its platform. Snowflake also integrates with popular Security Information and Event Management (SIEM) systems, allowing Snowflake customers to centralize security monitoring and receive alerts of suspicious activity.
In the event of a security incident, Snowflake will provide its customers with timely information about the nature and consequences of the incident, the measures being taken to mitigate it, and the status of its investigation, as described in Snowflake’s Security Addendum.