This topic describes how Snowflake supports customers with PCI-DSS compliance requirements.

Understanding PCI DSS compliance requirements

The Payment Card Industry Data Security Standards are a set of requirements prescribed by the Payment Card Industry Security Standards Council. Snowflake is a Level 1 Service Provider compliant under PCI DSS version 3.2.1 and undergoes a third party assessment from a QSA (Qualified Security Assessor) on an annual basis. The AoC (Attestation of Compliance) is available upon request. Snowflake’s PCI DSS compliance allows customers to store, process, or transmit cardholder data utilizing the Snowflake Service. However, there are PCI compliance responsibilities that fall to customers outside of those managed by Snowflake, for a breakdown of these responsibilities customers can request the Snowflake PCI Shared Responsibility Matrix.