Slide 2 of 2

Compliance and security

Controls for regulated teams

These capabilities go beyond Grafana OSS. Each one solves a problem you hit as more teams use Grafana: compliance requirements, who can see and change things, how people log in, and how you prove all of it to an auditor.

  • Compliance certifications: Grafana Cloud is independently audited against SOC2, ISO 27001, PCI, and GDPR, so you inherit those attestations instead of pursuing them yourself.
  • RBAC (role-based access control): Governs what people can do in the UI. Allows you to control who can see and change what. As more teams share one stack, you set granular, custom permissions at the folder, dashboard, and data source level. Production data and alert rules stay restricted. RBAC goes beyond the basic Viewer, Editor, and Admin roles.
  • Access policies: Governs what machines and APIs can do. Grant services and tools scoped, token-based access to your Cloud stack (for example letting a collector write metrics but not read logs).
  • SSO (single sign-on) integration: SAML (Security Assertion Markup Language), added so Grafana can connect to enterprise identity systems that the OSS protocols (OAuth/OIDC) don’t cover.
  • Audit logging: Shows who accessed what and when, so you can prove to an auditor what happened.
  • Private Data Source Connect (PDC): Connects to data on your private network without opening it up to the internet.
  • PrivateLink: Sends telemetry from your AWS or Azure environment to Grafana Cloud without the data crossing the public internet. This lowers egress costs and meeting network isolation requirements.
  • Uptime SLA: Paid plans are backed by a 99.5% uptime SLA and 24/7 expert support from Grafana Labs.

Real results from real teams

  • Uni Cards

    “Most importantly, we no longer have to worry about upgrades, security patches, or compliance issues. In the finance domain, audits are frequent and every tool must be up to date and compliant. Now, Grafana Cloud handles it.”

  • MIC

    “That was a major improvement because it made logs accessible to a much broader audience without requiring direct server access, which also improved our security model.”

Script

As more teams share one stack, access control and compliance become real concerns. Grafana Cloud answers them with built-in compliance certifications and the access, identity, and audit controls that regulated teams need, without the work of setting them up yourself.
Previous Start next section