The GoodData Enterprise Insights Platform is designed to help Enterprises and
Independent Software Vendors (ISVs) securely transform their data into actionable
insights and deliver them to business users, customers, and partners at their
point-of-work to drive better business outcomes. GoodData realizes that helping to
protect our customers' data, ensure compliance with security regulations, and mitigate any
potential risk is essential to building trust and delivering a high level of service. GoodData
takes a risk-based approach to security, and this paper details the many different
measures and technologies in place to protect our customers.
Our security implementation allows us to adhere to the following best practices,
demonstrating our commitment to customer security and privacy:
>> Service Organisation Control (SOC) 2 Report
>> A licensee of the TRUSTe® Privacy Program
>> HIPAA Compliance
>> Abides by the EU Data Directive by entering into Model Clauses with applicable
customers, partners, and suppliers
>> Registered participant in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Defence in Depth
As you’ll see from any best-in-class SaaS provider, there is no single layer that protects
customer data, but rather a well-architected solution that considers every layer from the
physical security measures at the data center, all the way through the access privileges
that determine what data an individual user can access. GoodData, as a best-in-class
analytics provider, uses this approach to protect customer data.
Process & Policy
The first layer of defense is having a well-defined and comprehensive set of security
processes and policies to ensure the security of our customers’ data and users.
GoodData’s ISMS employs a number of process and policy measures that instill security as
a key priority at our most core layer: our people.
SOC 2 Type II Audit
GoodData undergoes yearly examination by external auditors against the SOC 2 Security
and Availability Trust Criteria.
TRUSTe Review
GoodData’s Privacy Policy, platform, website, and support portal have been reviewed by
TRUSTe for compliance with TRUSTe's program requirements and the TRUSTe Cloud
Program Requirements, including transparency and accountability.
Change Control
A formal change control process minimizes the risk associated with system changes. The
process enables tracking of changes made to the systems and verifies that risks have been
assessed, inter-dependencies are explored and necessary policies and procedures have
been considered and applied before any change is authorized.
Training
GoodData employees authorized to access the GoodData platform undergo periodic
training to focus employee attention on compliance with corporate security policies. For
example, GoodData DevOps and Professional Services personnel who may handle
sensitive customer data and information will regularly undergo security, auditing, access,
and compliance training (e.g. for HIPAA).
Authorised Access
In addition to restricting which personnel may enter the production area, operational access is
limited to a restricted set of GoodData operations employees. Access is controlled
via a physically separate network that is isolated from the GoodData corporate network
that serves its general employee population, ensuring that only personnel authorized to
access the data center may do so. All GoodData personnel with physical or operational
access to production environments are subject to training and deep background checks, and
all activities are logged for auditability.