Supplemental Terms for Enhanced Compliance Features
These Databricks Supplemental Terms for Enhanced Compliance Features (“Supplemental Terms”) provide important definitions and terms applicable to Order(s) between Databricks and the customer organization entering into an Order (“Customer”, “you” or “your”) for Platform Services that provide enhanced features to support specific compliance frameworks (“Enhanced Compliance Features”).
These Supplemental Terms are additional contractual provisions applying to any Order which references these Supplemental Terms. Please refer to your Order for commercial and product details, or to see the definition of a capitalized word or phrase if it is used but not defined in these Supplemental Terms. The terms of your Order govern over these Supplemental Terms if there is any contradiction between or among such documents.
Overview
Processing certain categories of data (that is subject to enhanced security or specific compliance framework requirements) requires that you purchase access to Enhanced Compliance Features as detailed in your Order.
- Available options may change over time and be available only on certain Cloud Service Provider platforms, as indicated on the Databricks Price List.
- Use of Enhanced Compliance Features is also conditional upon your compliance with the additional obligations, below.
Additional Customer Obligations
Customers shall only use Platform Services to process data that is subject to compliance frameworks (as identified below and within our Documentation) if they purchase and appropriately configure and use the Enhanced Compliance Feature consistent with the following:
Compliance Framework | Enhanced Feature | Documentation* |
HIPAA¹ | HIPAA Compliance Controls (GCP) | As available at: https://docs.databricks.com/en/security/privacy/index.html |
 | Enhanced Security & Compliance (AWS) | |
PCI-DSS | PCI-DSS Compliance Controls | |
FedRAMP Moderate | FedRAMP-Moderate Compliance Controls | |
IRAP | IRAP Compliance Controls | |
UK Cyber Essentials Plus | UK Cyber Essentials Plus | |
FedRAMP High | FedRAMP-High Compliance Controls or DOD IL5 authorization (GovCloud) | |
* Documentation provides configuration guidance to enable Enhanced Compliance Features; Customer is responsible for understanding and conforming its processing of data consistent with relevant compliance requirements. Additionally, for FedRAMP High customers, in any case the Customer is responsible for ensuring that Customer is provisioned into the correct instance of AWS GovCloud based on whether Customer qualifies as Community or DOD.
¹ HIPAA/BAA. The following applies only if Customer is subject to HIPAA: if Customer uses the Platform Services to process Customer Content that includes PHI, then (1) the terms of the Business Associate Agreement (BAA) executed between Customer and Databricks apply; or (2) in the absence of such BAA, Customer agrees to the terms set forth in the BAA at www.databricks.com/legal/baa as of the date of the Order.
Last Revised - September 2024