What is GDPR?
The General Data Protection Regulation (GDPR) is a set of data governance laws that went into effect within the European Union on May 25, 2018. Wikipedia has an excellent overview of the regulation.
Organizations outside the EU are also affected, since any organization that works with the personal data of EU residents now has obligations to protect the data.
What has Auvik done about GDPR?
At Auvik, we’ve always honored our users’ right to data privacy and protection. The Auvik platform doesn’t need to collect and process personal user information beyond what’s required for administering our platform. Any data we do collect is always transmitted over a secure channel and encrypted at rest.
Auvik has taken the necessary steps to be GDPR compliant, and we understand our obligation as a data processor to support our partners in their GDPR compliance.
Will Auvik sign a Data Processing Addendum?
Yes. Note that we have updated Auvik’s general terms of service to include a data processing addendum (DPA) for all customers, but we can review and sign your DPA if you prefer.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks.
SOC 2 TYPE 1
SOC 2 is an audit report on controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy. It’s the most recognized compliance criteria for cloud vendors around the world.
SOC Type 2 in progress, targeting Q2 2019
Cloud Security Alliance Security, Trust and Assurance Registry (STAR)
In progress, targeting Q3 2018
CSA STAR focuses on transparency, rigorous auditing, and standards harmonization. The STAR program includes a free registry that documents the security controls provided by cloud computing offerings. This publicly accessible registry is designed for users of cloud services to assess their cloud providers, security providers, and advisory and assessment services firms in order to make the best procurement decisions.
Source: Cloud Security Alliance