What is GDPR?
The General Data Protection Regulation (GDPR) is a set of data governance laws going into effect within the European Union on May 25, 2018. Wikipedia has an excellent overview of the regulation here.
Organizations outside the EU are also affected, since any organization that works with the personal data of EU residents now has obligations to protect the data.
What is Auvik doing about GDPR?
At Auvik, we’ve always honored our users’ right to data privacy and protection. The Auvik platform doesn’t need to collect and process personal user information beyond what’s required for administering our platform. Any data we do collect is always transmitted over a secure channel and encrypted at rest.
Auvik is taking the necessary steps to be GDPR compliant. We also understand our obligation as a data processor to support our partners in their GDPR compliance.
We’re thoroughly analyzing GDPR requirements and have engaged an internal team to meet them. Some of our ongoing initiatives:
- Identifying personal data. Defining the purview of personal data for each application and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation.
- Providing visibility and transparency. The most important aspect of GDPR is how collected data is used. As a data processor, Auvik’s key role is to give our partners (the data controllers) the access they need to effectively manage and protect their customers’ data.
- Enhancing data integrity and security. We’re continuously improving our security through ongoing employee training, securing our software development lifecycle, enhancing our security toolset, and refining policies and procedures to ensure we’re providing the highest level of end-to-end security to our partners.
- Portability and transferability of data. GDPR gives end users the right to either receive all the data provided and processed by the controller, or transfer it to another controller, depending on technical feasibility. With this new right in mind, Auvik is working on further enhancing its data export capabilities to make exports possible at the level of the individual.
ISO/IEC 27001:2013
In progress, targeting 2019
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks.
SOC 2 Type 2
In progress, targeting Q3 2018
SOC 2 is an audit report on controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy. It’s the most widely recognized compliance standard for cloud vendors around the world.
Cloud Security Alliance Security, Trust and Assurance Registry (STAR)
In progress, targeting Q3 2018
CSA STAR focuses on transparency, rigorous auditing, and standards harmonization. The STAR program includes a free registry that documents the security controls provided by cloud computing offerings. This publicly accessible registry is designed for users of cloud services to assess their cloud providers, security providers, and advisory and assessment services firms in order to make the best procurement decisions.
Source: Cloud Security Alliance