InAuth complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. InAuth adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability with respect to all personal information transferred from the EU or Switzerland to the US within the scope of its Privacy Shield certification.
General Data Protection Regulation (GDPR)
GDPR came into effect on 25 May 2018, creating a unified data protection legislation across all European Union member states. GDPR is the EU’s new privacy law that modernizes data protection requirements. The law contains new or enhanced requirements but the core underlying principles of data protection remain the same. The new rules broadly define personal data and have a wide reach, affecting any company that collects personal information of individuals in the EU.
The GDPR changes the way organizations collect, use, and manage personal data from the EU. InAuth is committed to ensuring data is protected within a managed and secure environment. We ensure:
- data is encrypted in transit and at rest;
- strong access controls for both authentication and authorization;
- continuous security monitoring;
- vulnerability and patch management;
- robust incident response and recovery;
- ongoing security awareness training;
- periodic independent third-party security reviews and penetration testing; and
- EU-U.S. Privacy Shield certification.
For additional information regarding GDPR and data access requests, please visit https://www.inauth.com/landing-pages/gdpr/.
An independent firm audits InAuth’s security controls each year against the American Institute of CPAs (AICPA) SOC 2 guidelines for the Security, Confidentiality, and Availability principles to protect sensitive data. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services.
SOC 2 compliance provides clients the confidence and peace of mind that their data is secured and highly available. As part of InAuth’s commitment to security, InAuth will continue to perform SOC 2 Type 2 examinations on an annual basis with a licensed CPA firm. If you’d like to see more details on InAuth’s SOC 2 compliance, contact your Sales or Client Services representative.
Protecting sensitive data and mission-critical applications is InAuth’s number one priority. Our hosted environment within Amazon Web Services (AWS) global infrastructure is designed and managed according to security best practices, as well as a variety of compliance standards.
AWS compliance certifications include major programs such as ISO, SOC, CSA, PCI and HIPAA. The AWS environment may be leveraged to securely host sensitive data on a highly scalable and available platform. For a full list of AWS compliance certifications, see https://aws.amazon.com/compliance/programs/.
All hosted clients are logically separated within a secure and private management console and registration database. Primary hosted environments are replicated in near real time to a secondary AWS region to provide for data recovery during a disaster. InAuth leverages AWS and other third-party tools to manage access and keys, encrypt data, analyze logs for irregular activity, detect vulnerabilities and monitor for unauthorized configuration changes to the AWS environment.