
2017年10月18日 Jen Brown

Getting the Sumo Logic Platform Ready for GDPR

Security has been at the core of the Sumo Logic platform since day one. Security, compliance, governance, privacy and risk have always been key components of every aspect of our service and business, and our preparation for the European Union General Data Protection Regulation (EU GDPR) is no exception.

Building Blocks

How are we preparing? Like many other organizations around the world, we are taking a number of steps as we work towards GDPR compliance. This post outlines some of those steps and why they are so critical to GDPR.

Global Privacy Program

We are working to expand our privacy program to meet the requirements of EU GDPR as well as future privacy laws and regulations. Privacy has long been an important pillar of our programs; however, with the rapid growth of Big Data and the Internet of Things (IoT), the need to state clearly how individuals' data is used and where it is stored is more important than ever.

DPO

As part of this initiative, we have hired a Data Protection Officer (DPO) to lead the program. The DPO and the information security team have also consulted a privacy attorney to review our roadmap and confirm we are on the best path to EU GDPR compliance. Additionally, she will be attending IAPP training in London and obtaining the CIPP/E (Certified Information Privacy Professional/Europe) and CIPM (Certified Information Privacy Manager) certifications.

Due Diligence

One of the steps we are taking to do our due diligence, and to support not only our own compliance but that of our customers, is to work with all of our vendors and validate that they, too, are working towards compliance with EU GDPR.

Data Protection Agreement

We also have a Data Protection Agreement (DPA) that we will sign with customers to give them assurance that we will meet the May 25, 2018 deadline. We believe these steps are critical: they allow us to give our customers confidence that Sumo Logic has done everything it can to ensure EU GDPR compliance.

Privacy by Design

Another key process change we are working on is expanding our Security by Design practice into Security & Privacy by Design. In line with Article 25 (data protection by design and by default), privacy will be considered in every phase of our product lifecycle and in all aspects of our business.

Educate

Privacy training has been integrated into our new-hire training, annual training and ongoing communications. We will be working to ensure the entire organization understands EU GDPR, and to develop deeper, targeted training on the specific portions of the law that apply to individual groups.

Policies & Processes

We are working to incorporate data protection and privacy into our Information Security Management System (ISMS), to expand our impact assessments to include a Data Protection Impact Assessment (DPIA), as Article 35 requires for high-risk processing, and to better define and document the way we perform data mapping.

Customer Confidence

Lastly, while there is no official certification for EU GDPR today, we are engaging third parties to validate our controls and will provide an independent attestation of those controls in early summer 2018.

Jen Brown

As Sumo Logic's Compliance & Data Protection Officer, Jen Brown brings over 20 years of experience in IT security and compliance. She has worked as a consultant, external auditor and internal resource for both small and large organizations. Ms. Brown previously held the QSA (Qualified Security Assessor) designation for external PCI auditors and was a certified Lead Auditor for ISO 27001. She also has a strong background in SSAE 16 (SOC 1), SOC 2, FISMA and several other regulations, and experience with HIPAA, FedRAMP and various other regulatory bodies, laws and standards. Ms. Brown leads the Compliance, Privacy and Risk efforts at Sumo Logic.