Differences

This shows you the differences between two versions of the page.

compliance [2018_06_15 23:26]
steven
compliance [2018_06_15 23:28] (current)
steven
Line 1: Line 1:
 ====== Compliance ====== ====== Compliance ======
  
-GDPR +===== GDPR =====
-====+
  
 Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). Storage Made Easy, as a company, is also compliant. Our products and services make it easier for our customers to comply with the European Union’s General Data Protection Regulation (GDPR). Storage Made Easy, as a company, is also compliant.
Line 12: Line 11:
 In different scenarios, with different categories of data, Storage Made Easy and our customers may play roles either as a data controller or data processor. In different scenarios, with different categories of data, Storage Made Easy and our customers may play roles either as a data controller or data processor.
  
-Software (Enterprise File Fabric) +==== Software (Enterprise File Fabric) ​====
----------------------------------+
  
 Organizations who run the Enterprise File Fabric software in their own data centers, or on cloud platforms such as AWS EC2, Google Compute or Azure, are determining how personal data will be processed. Under GDPR, they are classified as data controllers. Organizations who run the Enterprise File Fabric software in their own data centers, or on cloud platforms such as AWS EC2, Google Compute or Azure, are determining how personal data will be processed. Under GDPR, they are classified as data controllers.
Line 19: Line 17:
 For information on how our software supports data controllers see [[gdpr-compliance]]. For information on how our software supports data controllers see [[gdpr-compliance]].
  
-Online Services (SaaS) +==== Online Services (SaaS) ​====
-----------------------+
  
 Individuals can create accounts through our online File Fabric service, located in the US and EU. Under GDPR, Storage Made Easy is a data controller for the personal data entered by those individuals in creating and managing the account.  However, for additional personal data entered by the account owner, including the credentials of their storage providers, content uploaded through the service, and for business accounts, member names and email addresses, the account owner is the data controller and Storage Made Easy is a data processor working under their direction. Individuals can create accounts through our online File Fabric service, located in the US and EU. Under GDPR, Storage Made Easy is a data controller for the personal data entered by those individuals in creating and managing the account.  However, for additional personal data entered by the account owner, including the credentials of their storage providers, content uploaded through the service, and for business accounts, member names and email addresses, the account owner is the data controller and Storage Made Easy is a data processor working under their direction.
Line 26: Line 23:
 For information on Storage Made Easy’s responsibilities as a data controller, see our [Privacy Policy](https://​storagemadeeasy.com/​privacy).  For information on our role as a data processor see our [Data Processing Agreement](https://​storagemadeeasy.com/​data_processor). For information on Storage Made Easy’s responsibilities as a data controller, see our [Privacy Policy](https://​storagemadeeasy.com/​privacy).  For information on our role as a data processor see our [Data Processing Agreement](https://​storagemadeeasy.com/​data_processor).
  
-Managed Services (IaaS) +==== Managed Services (IaaS) ​====
------------------------+
  
 Storage Made Easy manages dedicated instances of our Enterprise File Fabric platform for our customers on a number of different public and private clouds including [Linode](https://​linode.com)and [Memset](https://​memset.com). Since the customer is determining what personal data is being collected and how it is being used, in this scenario, under GDPR, they are the data controller. For any personal data Storage Made Easy may be processing under their direction, Storage Made Easy is a data processor. Storage Made Easy manages dedicated instances of our Enterprise File Fabric platform for our customers on a number of different public and private clouds including [Linode](https://​linode.com)and [Memset](https://​memset.com). Since the customer is determining what personal data is being collected and how it is being used, in this scenario, under GDPR, they are the data controller. For any personal data Storage Made Easy may be processing under their direction, Storage Made Easy is a data processor.
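Review bot: The paragraphs left unchanged around this heading still use Markdown links, for example [Privacy Policy](https://storagemadeeasy.com/privacy), while the headings are now DokuWiki syntax and the page already uses [[gdpr-compliance]] for internal links. If this revision is meant to move the page to native DokuWiki markup, convert the external links to the [[url|text]] form in the same edit so the page does not depend on two syntaxes. The Managed Services paragraph also needs a space in "(https://linode.com)and".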
Line 33: Line 29:
 Information for data controllers can be found at [[gdpr-compliance]]. Storage Made Easy’s responsibilities as a data processor are outlined in our [Data Processing Agreement](https://​storagemadeeasy.com/​data_processor).  We also maintain subprocessor agreements with our platform vendors. Linode infrastructure compliance details and accreditations can be found [here](https://​www.linode.com/​compliance). Memset infrastructure compliance details and accreditations can be found [here](https://​www.memset.com/​about-us/​security-compliance). Information for data controllers can be found at [[gdpr-compliance]]. Storage Made Easy’s responsibilities as a data processor are outlined in our [Data Processing Agreement](https://​storagemadeeasy.com/​data_processor).  We also maintain subprocessor agreements with our platform vendors. Linode infrastructure compliance details and accreditations can be found [here](https://​www.linode.com/​compliance). Memset infrastructure compliance details and accreditations can be found [here](https://​www.memset.com/​about-us/​security-compliance).
  
-Marketing, Sales and Support +==== Marketing, Sales and Support ​====
-----------------------------+
  
 Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https://​storagemadeeasy.com/​privacy). Storage Made Easy acts a data controller for the personal data of individuals that we market to directly, engage in business with, and support. For more information on how we collect and process personal data for these individuals see our [Privacy Policy](https://​storagemadeeasy.com/​privacy).
  
-Encryption (FIPS) +===== Encryption (FIPS) ​=====
-=================+
  
 The Enterprise File Fabric product’s cryptographic module has been validated by a third-party,​ as conforming to the Advanced Encryption Standard (AES) algorithm. The validation registration is [No. 4854](https://​csrc.nist.gov/​Projects/​Cryptographic-Algorithm-Validation-Program/​Validation/​Validation-List/​AES%234854). (#cmnt6)The AES algorithm, as specified in [Federal Information Processing Standard Publication 197, Advanced Encryption Standard](https://​csrc.nist.gov/​publications/​detail/​fips/​197/​final) (FIPS PUB 197), is used to protect electronic data. It is a symmetric block cipher that can encrypt and decrypt information with cryptographic keys. Storage Made Easy uses 256-bit keys (AES-256). AES is mandatory for electronic products and services provided to the federal government. It is also required by other highly secure organizations. The Enterprise File Fabric product’s cryptographic module has been validated by a third-party,​ as conforming to the Advanced Encryption Standard (AES) algorithm. The validation registration is [No. 4854](https://​csrc.nist.gov/​Projects/​Cryptographic-Algorithm-Validation-Program/​Validation/​Validation-List/​AES%234854). (#cmnt6)The AES algorithm, as specified in [Federal Information Processing Standard Publication 197, Advanced Encryption Standard](https://​csrc.nist.gov/​publications/​detail/​fips/​197/​final) (FIPS PUB 197), is used to protect electronic data. It is a symmetric block cipher that can encrypt and decrypt information with cryptographic keys. Storage Made Easy uses 256-bit keys (AES-256). AES is mandatory for electronic products and services provided to the federal government. It is also required by other highly secure organizations.
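Review bot: The Encryption paragraph kept as context here contains a stray "(#cmnt6)" fragment before "The AES algorithm", which looks like a leftover comment anchor and should be deleted. In the Marketing, Sales and Support paragraph, "acts a data controller" should read "acts as a data controller". Since the validation link points to the Cryptographic Algorithm Validation Program list, consider stating explicitly that No. 4854 is an AES algorithm validation, so the "(FIPS)" heading is not read as a FIPS 140 module validation.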
Line 45: Line 39:
 For more information see [File Encryption](https://​docs.storagemadeeasy.com/​cloudencryption). For more information see [File Encryption](https://​docs.storagemadeeasy.com/​cloudencryption).
  
-Government +===== Government ​=====
-==========+
  
 The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https://​www.digitalmarketplace.service.gov.uk/​g-cloud/​services/​821523275015502). The solution is available as Cloud Software (SaaS) and hosted on UKCloud Primary Storage and Computing as a Service infrastructure. The Enterprise File Fabric had been approved by the UK Government for purchase by public-sector bodies through the Gov.uk [Digital Marketplace](https://​www.digitalmarketplace.service.gov.uk/​g-cloud/​services/​821523275015502). The solution is available as Cloud Software (SaaS) and hosted on UKCloud Primary Storage and Computing as a Service infrastructure.
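Review bot: In the Government paragraph, "had been approved" reads as though the approval has lapsed. If the Digital Marketplace listing is current, use "has been approved".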
Line 54: Line 47:
 For more information see [Secure Unified File Sharing and Collaboration for UK Government Cloud](https://​storagemadeeasy.com/​gcloudready). For more information see [Secure Unified File Sharing and Collaboration for UK Government Cloud](https://​storagemadeeasy.com/​gcloudready).
  
-Healthcare +===== Healthcare ​=====
-==========+
  
 HIPAA and HITECH are U.S. Federal Government standards for the security and privacy of Protected Health Information (PHI). HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. For more information on HIPAA and HITECH, visit [http://​www.hhs.gov/​ocr/​privacy/​](http://​www.hhs.gov/​ocr/​privacy). HIPAA and HITECH are U.S. Federal Government standards for the security and privacy of Protected Health Information (PHI). HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. For more information on HIPAA and HITECH, visit [http://​www.hhs.gov/​ocr/​privacy/​](http://​www.hhs.gov/​ocr/​privacy).