GoodData Security Statement

Last Updated: February 2012

Securing customer information is a critical component of GoodData’s business value proposition. As an on demand service, security must be an integral part of both the design and operations of GoodData. In order to accomplish this, GoodData has included security in all levels of our technology and operations from the onset of the company. GoodData’s commitment is to invest in the technology, people, and process to ensure that data you have entrusted with us is safe, secure, and private.

We believe that effective information security has much to do with people and processes as it does with technical protection measures.  Here are the overall points that guide GoodData security strategy:

• Security is multi-layered - it must be addressed at all layers - physical, application, metadata, data, etc.
• GoodData is a service provider - the burden is on GoodData to provide a secure service for our customers
• We are built atop Amazon Web Services (AWS) - this means we inherit aspects of our security from Amazon
• We augment AWS security by applying selected technologies, such as key-based authentication, data encryption, platform monitoring and firewall configuration, as well as policies related to change and incident management
• Whenever possible, we make our security model open and pluggable to accommodate customer-specific requirements such as 3rd-party authentication, user account management or primary storage encryption

Participation in relevant industry certification and accreditation programs is intended to provide us, our investors, and our customers with the highest level of assurance regarding our operations, infrastructure and controls.  In January 2011 we attained a recurring Statement on Auditing Standards No. 70: Service Organizations, Type I (SAS70 Type I) certification.  We expect to obtain SAS70 Type II certification by March 2012.  We also expect to obtain our Statement on Standards for Attestation Engagements 16 (“SSAE 16”) SOC 2 certification by March 2012.  We are also working to obtain ISO 27001 certification.  Additionally, we’ve attained independent web application security certifications from TRUSTe, VeriSign, GoDaddy, and salesforce.com.   We are also EU Safe Harbor Certified; please see our Privacy Policy for additional information.

Access our full security statement HERE.