SOC2 Type II
SOC2 compliance is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. Its goal is to make sure that systems are set up to assure the security, availability, processing integrity, confidentiality, and privacy of customer data. SignalFx goes through SOC2 compliance on an annual basis, focusing on security, availability, and confidentiality.
Privacy Shield Certified
Splunk maintains an active Privacy Shield certification.
Privacy Shield is an agreement between the EU and the US allowing for the transfer of personal data from the EU to the US. The GDPR has specific requirements regarding the transfer of data out of the EU. One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws. In general, the EU does not list the US as one of the countries that meets this requirement. Privacy Shield is designed to create a program whereby participating companies are deemed as having adequate protection, thereby facilitating the transfer of information.
In short, Privacy Shield allows US companies, or EU companies working with US companies, to meet this requirement of the GDPR.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA.
The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider. SignalFx can provide this questionnaire to any client or potential client (under NDA).