Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
compliance [2018_06_15 23:25] – created steven | compliance [2019_04_11 18:43] – [Government] Updated G Cloud reference steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | GDPR | + | ====== Compliance ====== |
- | ==== | + | |
+ | ===== GDPR ===== | ||
Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). Storage Made Easy, as a company, is also compliant. | Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). Storage Made Easy, as a company, is also compliant. | ||
Line 10: | Line 11: | ||
In different scenarios, with different categories of data, Storage Made Easy and our customers may play roles either as a data controller or data processor. | In different scenarios, with different categories of data, Storage Made Easy and our customers may play roles either as a data controller or data processor. | ||
- | Software (Enterprise File Fabric) | + | ==== Software (Enterprise File Fabric) |
- | --------------------------------- | + | |
Organizations who run the Enterprise File Fabric software in their own data centers, or on cloud platforms such as AWS EC2, Google Compute or Azure, are determining how personal data will be processed. Under GDPR, they are classified as data controllers. | Organizations who run the Enterprise File Fabric software in their own data centers, or on cloud platforms such as AWS EC2, Google Compute or Azure, are determining how personal data will be processed. Under GDPR, they are classified as data controllers. | ||
Line 17: | Line 17: | ||
For information on how our software supports data controllers see [[gdpr-compliance]]. | For information on how our software supports data controllers see [[gdpr-compliance]]. | ||
- | Online Services (SaaS) | + | ==== Online Services (SaaS) |
- | ---------------------- | + | |
Individuals can create accounts through our online File Fabric service, located in the US and EU. Under GDPR, Storage Made Easy is a data controller for the personal data entered by those individuals in creating and managing the account. However, for additional personal data entered by the account owner, including the credentials of their storage providers, content uploaded through the service, and for business accounts, member names and email addresses, the account owner is the data controller and Storage Made Easy is a data processor working under their direction. | Individuals can create accounts through our online File Fabric service, located in the US and EU. Under GDPR, Storage Made Easy is a data controller for the personal data entered by those individuals in creating and managing the account. However, for additional personal data entered by the account owner, including the credentials of their storage providers, content uploaded through the service, and for business accounts, member names and email addresses, the account owner is the data controller and Storage Made Easy is a data processor working under their direction. | ||
Line 24: | Line 23: | ||
For information on Storage Made Easy’s responsibilities as a data controller, see our [Privacy Policy](https:// | For information on Storage Made Easy’s responsibilities as a data controller, see our [Privacy Policy](https:// | ||
- | Managed Services (IaaS) | + | ==== Managed Services (IaaS) |
- | ----------------------- | + | |
Storage Made Easy manages dedicated instances of our Enterprise File Fabric platform for our customers on a number of different public and private clouds including [Linode](https:// | Storage Made Easy manages dedicated instances of our Enterprise File Fabric platform for our customers on a number of different public and private clouds including [Linode](https:// | ||
Line 31: | Line 29: | ||
Information for data controllers can be found at [[gdpr-compliance]]. Storage Made Easy’s responsibilities as a data processor are outlined in our [Data Processing Agreement](https:// | Information for data controllers can be found at [[gdpr-compliance]]. Storage Made Easy’s responsibilities as a data processor are outlined in our [Data Processing Agreement](https:// | ||
- | Marketing, Sales and Support | + | ==== Marketing, Sales and Support |
- | ---------------------------- | + | |
Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https:// | Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https:// | ||
- | Encryption (FIPS) | + | ===== Encryption (FIPS) |
- | ================= | + | |
The Enterprise File Fabric product’s cryptographic module has been validated by a third-party, | The Enterprise File Fabric product’s cryptographic module has been validated by a third-party, | ||
Line 43: | Line 39: | ||
For more information see [File Encryption](https:// | For more information see [File Encryption](https:// | ||
- | Government | + | ===== Government |
- | ========== | + | |
- | The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https:// | + | The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https:// |
[UKCloud](https:// | [UKCloud](https:// | ||
Line 52: | Line 47: | ||
For more information see [Secure Unified File Sharing and Collaboration for UK Government Cloud](https:// | For more information see [Secure Unified File Sharing and Collaboration for UK Government Cloud](https:// | ||
- | Healthcare | + | ===== Healthcare |
- | ========== | + | |
HIPAA and HITECH are U.S. Federal Government standards for the security and privacy of Protected Health Information (PHI). HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. For more information on HIPAA and HITECH, visit [http:// | HIPAA and HITECH are U.S. Federal Government standards for the security and privacy of Protected Health Information (PHI). HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. For more information on HIPAA and HITECH, visit [http:// |