We apply DevSecOps, building secure design, reviews, SAST, and DAST into our development lifecycle. Data is encrypted at rest and in transit, and our customers can employ strong multitenancy controls.
Highly resilient data centers with N+1 redundancy and a wide range of audits and certifications, including SOC 2 and ISO 27001. 24x7x365 managed physical security and robust access controls.
Robust security logging and monitoring 24x7x365, strict production access control, and log review. Regular vulnerability scans and patch management with defined SLAs. Security reviews and penetration tests.
SLAs & Trust
Availability & SLA commitments
Enterprise customers benefit from a 99.5% SLA and 24x7 support. We monitor our platform for availability 24x7x365 and have on-duty personnel ready to resolve any potential issues or incidents.
Refer to our Support Portal for up-to-date platform status.
We apply HA architecture, and the platform is deployed across multiple availability zones. Our business continuity plan follows ISO 22301 and incorporates daily off-site backups and annual disaster recovery tests.
We are committed to security and privacy, follow best practices for data protection, and offer emerging geographical zone selection to ensure that customer data residency requirements are met.
We comply with privacy laws, including GDPR and CCPA.
SOC 2 Type II report
GoodData has been SOC 2 Type II certified since 2013 and is regularly audited by a reputable third-party auditing company on the Security, Availability, and Confidentiality principles.
ISO 27001 compliance
We comply with the ISO 27002 code of practice and have implemented all ISO 27001 Annex A controls. The SOC 2 report includes a mapping of our controls to ISO 27001.
We comply with U.S. HIPAA law for the protection of health data and will sign a BAA with our customers. Our SOC report includes a mapping of our controls against HIPAA requirements.