Cloud and physical security
GoodData uses enterprise-class SOC 2 Type II-audited and ISO 27001-certified facilities that include 24/7/365 managed security and physical access control. We proactively monitor the platform and all of its underlying operating components for security incidents, including alert notifications generated by GoodData systems, industry and open source alerts, and community alerts. Our dedicated three-level support team is on duty 24/7 and trained to provide systematic and efficient responses to incidents, including security and availability issues.
The GoodData platform reliably secures all key areas and ensures that all data remains confidential, available, and backed up for governance and disaster recovery purposes. Security zones are defined and implemented with specific enforcements, such as protocol enforcement, intrusion detection, and monitoring, and the complete GoodData platform is subjected to regular penetration testing. Customer data is isolated and encrypted, both in transport and at rest, to further strengthen its protection.
GoodData has deployed several layers of operational security to minimize the risks associated with human activities. Access to the production environment is under strict control, with administrators allowed to invoke platform-specific functions but not to directly interact with the platform’s underlying components. Access logs are monitored and regularly inspected.
For detailed information, download the security whitepaper.
GoodData compliance and certifications
Information security standards and certifications
- Service Organization Control (SOC) 2 Type II Report under AT 101. The report is available for customer review.
- ISO 27001:2013 compliance. GoodData ISMS complies with ISO 27001 requirements, and GoodData has implemented all ISO 27001:2013 Annex A controls. The Statement of Applicability is available for customer review.
Privacy regulations and certifications
- U.S.-Based Third Party Privacy Certification Program.
- Participation in the International Trade Administration’s EU-U.S. and Swiss-U.S. Privacy Shield Program.
- General Data Protection Regulation (GDPR) (EU) 2016/679. GoodData complies with GDPR and can make its Data Processing Addendum (DPA) available for execution.
Industry standards and regulations
- GoodData complies with HIPAA/HITECH and can make its Business Associate Agreement (BAA) available for execution.
- Skyhigh Enterprise-Ready. GoodData has received the Skyhigh Enterprise-Ready™ seal.
- Cloud Security Alliance. GoodData has completed a self-assessment using the CSA Consensus Assessment Initiative (CAI) Questionnaire, which is available for customer review.