Whether shopping online on a phone or joining video calls from a laptop, technology gives us greater access to data at the touch of a button. With more of us working from home than ever before, the risks of keeping data secure at home and in the office is a growing challenge for us all. We at Sitecore understand how critical it is to keep data safe and secure — after all, our mission is to help our customers build human connections in a digital world, and trust is essential.
Our customers across the globe are addressing numerous privacy laws and cybersecurity regulations, all designed to keep data confidential, safe, and secure. But more important than just checking the compliance box is the need to have practices in place that build trust in how data is handled. Each member of our privacy, security, and data governance team takes seriously our responsibilities to drive secure practices. We want to engage our customers, and our Sitecore community, with trust and be transparent about how we do this.
Investing in our security compliance framework
To demonstrate our commitment to protecting customer data, and to assure our Sitecore community that Sitecore’s security framework aligns with industry-recognized best practices, Sitecore maintains a number of compliance programs and certifications in accordance with strict regulatory and industry standards.
Since January 2019, Sitecore has received certifications and attestations for ISO 27001, ISO 27017, ISO 27018, CSA Star and SOC2 (Type 2) for its Managed Cloud offering. Since January 2020, these have been extended to cover Content Hub too.
What do these certifications mean for Sitecore?
- ISO 27001 is one of the most widely and internationally recognized security standards. It requires organizations to maintain a comprehensive Information Security Management System (ISMS), and mandates how organizations should handle and manage data in a secure manner, including appropriate security controls.
- ISO 27017 is a security standard that provides information security controls that apply to the provision and use of cloud services.
- ISO 27018 establishes a code of practice for protecting personally identifiable information (PII) in public clouds.
- CSA Star is a security framework used to measure maturity for keeping data secure in the cloud.
- SOC2 is an audit report testing an organization’s business practices against security controls.
What does this mean for you?
Sitecore’s ongoing compliance with these standards means that:
- As of this year, Sitecore’s Managed Cloud and Content Hub product offerings are both certified.
- Sitecore’s security practices have been reviewed and tested by an independent third-party auditor after demonstrating a continuous and systematic approach to managing and protecting company and customer data.
- Compliance with these standards, confirmed by an accredited auditor, demonstrates Sitecore’s continued adoption of these internationally recognized standards, workflows and best practices in Sitecore’s people, processes, and technologies that are used to provide cloud-based and SaaS services to its customers.
- As well as technical reviews, we maintain a system of precise controls to ensure the integrity of our cloud services, including HR security, physical security, management review, and vendor management, driving accountability for security throughout our global business.
- Customer data and hosting environments are protected and separated from other customers’ data.
Where can you learn more?
Sitecore has a number of whitepapers available for our Customers and Partners:
- Sitecore Managed Cloud Security Overview
- Sitecore Security Measures Whitepaper(available upon request)
- Sitecore and GDPR Whitepaper
You can read more about Sitecore’s security program, and find more resources, at our Trust Center.
To obtain a copy of our certifications, attestations, or reports, please reach out to your usual Sitecore contact or directly to us at email@example.com.
Rachael is Senior Director, Legal Counsel (Global Privacy and Data Security) at Sitecore, where she manages the company’s internal data governance program and advises on global privacy, data protection, and cybersecurity matters. Follow her on on LinkedIn.