Data security, confidentiality, availability, and integrity are vital to business operations of our customers. Safe handling and secure management of data is a global issue that requires constant vigilance. GoodData, working in partnership with customers and technology providers, employs a proactive security strategy that combines common sense, industry best practices, and modern technology to keep the GoodData service secure. To this end, GoodData employs a multi-layered approach to protect information, keeps up with international compliance standards and best practices, tests and adopts new technology, and continues to constantly monitor and improve our applications, systems and security processes. All while paying close attention to specific regulatory requirements in customer industries and locales.
Your data is safe with GoodData.
GoodData utilises enterprise-class SSAE 16 SOC2 Type II audited and ISO 27001 certified facilities that include 24/7/365 managed security and physical access control. GoodData proactively monitors the platform and all of its underlying operating components for security incidents, including alert notifications generated by GoodData systems, industry and open source alerts, and community alerts. GoodData employs a dedicated 3-level support team in 24x7 on-duty mode who are trained to provide systematic and efficient response to incidents including security and availability issues.
The GoodData Platform reliably secures all key areas, and ensures that all data remains confidential, available and backed up for governance and disaster recovery purposes. Security zones are defined and implemented with specific enforcements, such as protocol enforcement, intrusion detection, and monitoring, while the complete GoodData Platform is subjected to regular penetration testing. Customer data is both isolated and encrypted in transport as well as at rest to further enhance its defense.
GoodData has deployed several layers of operational security (Defense in Depth) to minimize the risks associated with human activities. Access to the production environment is under strict control, administrators are allowed to invoke platform-specific functions but are not permitted to directly interact with the platform’s underlying components. Access logs are monitored and regularly inspected.
You can find more details at GoodData Security Overview.