Tuesday, 2 October 2018

GOODDATA Security




The GoodData Enterprise Insights Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely transform their data into actionable insights and deliver them to business users, customers, and partners at their point-of-work to drive better business outcomes. GoodData realizes that helping to protect our customers' data, adhere to proper security regulations, and mitigate any potential risk is essential to building trust and delivering a high level of service. GoodData takes a risk-based approach to security, and this paper details the many different measures and technologies in place to protect our customers.

Our security implementation allows us to adhere to the following best practices, demonstrating our commitment to customer security and privacy:

>> Service Organisation Control (SOC) 2 Report

>> A licensee of the TRUSTe® Privacy Program

>> HIPAA Compliance

>> Abides by the EU Data Directive by entering into Model Clauses with applicable customers, partners, and suppliers

>> Registered participant in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Defence in Depth

As you’ll see from any best-in-class SaaS provider, there is no single layer that protects customer data, but rather a well-architected solution that considers every layer, from the physical security measures at the data center all the way through the access privileges that determine what data an individual user can access. GoodData, as a best-in-class analytics provider, uses this approach to protect customer data.

Process & Policy

The first layer of defense is having a well-defined and comprehensive set of security processes and policies to ensure the security of our customers’ data and users. GoodData’s ISMS employs a number of process and policy measures that instill security as a key priority at our most core layer: our people.

SOC 2 Type II Audit

GoodData undergoes yearly examination by external auditors against the SOC 2 Security and Availability Trust Criteria.

TRUSTe Review

GoodData’s Privacy Policy, platform, website, and support portal have been reviewed by TRUSTe for compliance with TRUSTe's program requirements and the TRUSTe Cloud Program Requirements, including transparency and accountability.

Change Control

A formal change control process minimizes the risk associated with system changes. The process enables tracking of changes made to the systems and verifies that risks have been assessed, inter-dependencies are explored and necessary policies and procedures have been considered and applied before any change is authorized.

Training

GoodData employees authorized to access the GoodData platform undergo periodic training to focus employee attention on compliance with corporate security policies. For example, GoodData DevOps and Professional Services personnel who may handle sensitive customer data and information regularly undergo security, auditing, access, and compliance training (e.g. for HIPAA).

Authorised Access

In addition to restricting the personnel who may enter the production area, operational access is limited to a restricted set of GoodData operations employees. Access is controlled via a physically separate network that is isolated from the GoodData corporate network that serves its general employee population, ensuring that only personnel authorized to access the data center may do so. All GoodData personnel with physical or operational access to production environments are subject to training and deep background checks, and all activities are logged for auditability.
