GoodData Security

Data security, confidentiality, availability, and integrity are vital to the business operations of our customers. Safe handling and secure management of data is a global issue that requires constant vigilance. GoodData, working in partnership with customers and technology providers, employs a proactive security strategy that combines common sense, industry best practices, and modern technology to keep the GoodData service secure. To this end, GoodData employs a multi-layered approach to protect information, keeps up with international compliance standards and best practices, tests and adopts new technology, and continues to constantly monitor and improve our applications, systems and security processes, all while paying close attention to specific regulatory requirements in customer industries and locales.

Your data is safe with GoodData.

Cloud and Physical Security

GoodData utilises enterprise-class SSAE 16 SOC2 Type II audited and ISO 27001 certified facilities that include 24/7/365 managed security and physical access control. GoodData proactively monitors the platform and all of its underlying operating components for security incidents, including alert notifications generated by GoodData systems, industry and open source alerts, and community alerts. GoodData employs a dedicated 3-level support team in 24x7 on-duty mode that is trained to provide a systematic and efficient response to incidents, including security and availability issues.

Data Security

The GoodData Platform reliably secures all key areas, and ensures that all data remains confidential, available and backed up for governance and disaster recovery purposes. Security zones are defined and implemented with specific enforcements, such as protocol enforcement, intrusion detection, and monitoring, while the complete GoodData Platform is subjected to regular penetration testing. Customer data is both isolated and encrypted in transport as well as at rest to further enhance its defense.

Operational Security

GoodData has deployed several layers of operational security (Defense in Depth) to minimize the risks associated with human activities. Access to the production environment is under strict control: administrators are allowed to invoke platform-specific functions but are not permitted to directly interact with the platform’s underlying components. Access logs are monitored and regularly inspected.

GoodData Compliance and Certifications

Information Security Standards and Certifications

  • Service Organization Control (SOC) 2 Type II Report under AT 101. The report is available for customer review.
  • ISO 27001:2013 Compliance. GoodData ISMS complies with ISO 27001 requirements and GoodData has implemented all ISO 27001:2013 Annex A controls. Statement of Applicability is available for customer review.

Privacy Regulations and Certifications

  • U.S.-Based Third Party Privacy Certification Program
  • Participation in the International Trade Administration’s EU-U.S. and Swiss-U.S. Privacy Shield Program
  • General Data Protection Regulation (GDPR) (EU) 2016/679. GoodData complies with GDPR and can make its Data Processing Addendum (DPA) available for execution.

Industry Standards and Regulations

  • GoodData complies with HIPAA/HITECH and can make its Business Associate Agreement (BAA) available for execution.
  • Skyhigh Enterprise-Ready. GoodData has received the Skyhigh Enterprise-Ready™ seal.
  • Cloud Security Alliance. GoodData has completed a self-assessment using the CSA Consensus Assessment Initiative (CAI) Questionnaire, which is available for customer review.

You can find more details at GoodData Security Overview.
