Cloud Compliance Management System

Know the precise compliance state of your cloud environments

Get Started

Datica solves compliance in a post-cloud world

The Cloud Compliance Management System (CCMS) is built to manage compliance requirements across popular HIPAA-eligible cloud provider services. Cloud-native environments tend towards a constellation of managed services and microservices, but they have a compliance problem. Datica CCMS is the solution.

The CCMS is an easy-to-use SaaS tool that uses modern APIs to monitor and assess the configuration state of your favorite cloud services.

Uniquely designed to fit the specific requirements of healthcare compliance

  • Only solution with built in policies and procedures designed to meet the needs of regimes like HIPAA, HITRUST, GDPR, and GxP.
  • Only continuous monitoring tool to focus on checking specific compliance controls.
  • Only solution that helps developers with the most important part of compliance: proving it. Unique features make attestation easier.
  • Only compliance solution to focus on the post- cloud era, working hand-in-hand with the managed services on top of cloud providers that you want to use. It is not a VM or host-based
  • CCMS leaves security implementation up to you, just the way you like it: pick the tools you want to use and solve security your way. We'll then check to ensure it is compliant.
CCMS keeps your services compliant; Feature list

How it works

CCMS is a easy-to-use SaaS tool that uses modern APIs to assess the configuration state of your favorite cloud services.

Easy set-up

Customers select from a list of approved cloud services from one of the three major cloud service providers. Customers are walked through a workflow to configure the service to specific HITRUST CSF controls.

Continuous compliance

The chosen cloud services are connected to the CCMS via APIs. Datica then monitors the configuration states every day, checking to ensure the states have not changed in a non-compliant way.

Compliance-specific features

On-demand tools for remediation practices, attestation exercises, and historical reporting are available for all services monitored by the CCMS, making compliance tasks easy.

The CCMS grows with you

As a team's architecture grows, simply add more supported services to the CCMS. Even add services across multiple clouds! All centralized into a single elegant dashboard with powerful features.

API-Driven Compliance


Each configuration supported by Datica CCMS has been audited against HITRUST CSF v9.1, meaning a configuration is meant to be compliant against the regimes of HIPAA, GDPR, and GxP. It tracks configuration changes with each CSF update.


Real Time

Datica CCMS checks configuration states every day and tracks the states in a historical data model. This is the missing piece for modern cloud compliance: Constant understanding of the precise state of your cloud environments.

Uniquely Dynamic

The cloud is a dynamic world and compliance struggles to keep up. Datica CCMS is the only tool available to assess assurance of managed and microservices against critical compliance controls. It gives customers a strategy for the future.

Zero Lock-in

As with all of Datica's products, there is zero lock-in. Every service supported by the CCMS will have its configurations published to be publicly reviewable. Full transparency on what we monitor and why is critical to earning trust.

Proven and Reliable

We've handled over 100 million patient records.
Learn how we can support you on AWS, Azure, and GCP.
Multiple Geographies in the US and Europe
1000 Customer Assessments. Zero Failures.
We're built on open source, and provide deep educational resources

Trusted by the Best

Johnson & JohnsonZipnosisHealthloopBSChealthfinchPropeller HealthCOTACirrusMDStony BrookOptumUniversity of Kansas HospitalHurley Medical CenterThe VAUniversity of WashingtonMethodist Lebonheur HospitalEmory HealthcareVoalteSOC TelemedWolters Kluwer

Don't just guess—know the precise compliance state of your cloud environments with Datica CCMS.

Get Started Today

2019 is a Post-Cloud World

The proliferation of abstracted cloud services has increased in an effort to improve developer experience (a good thing). As a result, most cloud environments are a constellation of managed services and microservices. The cloud is no longer simply an operating system on someone else's hard drive.

But increased abstraction has meant greater control has been taken away from the end user's ability to attest to compliance assurances (a bad thing). The entire layer of "Services" on top of traditional VMs has completely changed how compliance should be measured, monitored, and managed.

How CCMS Helps You Pass Audits

This is a typical maturity model that your company will be audited against. It defines Privacy vs. Security vs. Compliance.

Maturity stage
How Datica Solves it




Defines what must be done to protect privacy.

Datica CCMS is the only product focused on making it easy to understand how to secure cloud environments specific to policies and procedures audited against the HITRUST CSF (the "Privacy" part).



is the act of implementing policies and procedures.

Other monitoring tools focus strictly on security, or don’t address compliance at all.




Proves it was done.

CCMS then continuously monitors the configuration state on a daily basis to ensure continual validation (the "Compliance" part).

The problem explodes when multiple services are used—a common approach to modern cloud workloads. Developers must reinvent the wheel of mapping controls in totality over a new service.

Images from the book, Complete Cloud Compliance.

Datica CCMS solves this problem. Simply plug available services into the CCMS and let us continuously monitor the compliance state of a service. Users can be assured the configurations map to the proper HITRUST CSF controls, thus generating a compliant posture against regimes such as HIPAA, GDPR, and GxP.

Make any cloud service compliant

The compliant configuration states of cloud services should not be proprietary. Transparency is fundamental to healthcare's transformation. Every service monitored by the CCMS will be publicly documented to help empower healthcare developers.

In a post-cloud world, configuring a service in a continual state is the goal. The hard part is simply knowing the proper configuration state mapped to a specific control. Modern compliance extends way beyond simple security group management, which is what existing tools do. Available today are configuration states of the three most popular managed database services across the three main cloud service providers. Each state has been mapped to appropriate HITRUST CSF controls and audited.

Simple, straightforward pricing

Datica CCMS is $1,000/mo. per service type + $10/mo. per instance

A 'service' is any supported cloud provider service, like AWS RDS, Azure Cosmos DB, or Google Cloud SQL

Datica CCMS is coming in early 2019.

Sign up to be notified of the release and to help prioritize service configurations. Registrants have the chance to be included in a private preview.