Data compliance and security in the software purchasing process
By Sitecore Staff.
The data compliance challenge
The headlines keep coming — with new hacks and data breaches seemingly increasing by the day. This is no doubt a part of why the Biden Administration just introduced an Executive Order to address the “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” It’s no surprise then that privacy and cybersecurity are top of mind for all our customers.
Whether located in the US or the EU, working in retail, financial services, or healthcare, each business will assess tools based on the level of risk they see and manage those risks while addressing privacy and cybersecurity laws.
As our customers are evaluating software tools, we understand that part of that involves privacy and cybersecurity vendor risk assessments, questionnaires, and impact analyses. This enables them to measure the risks associated with doing business with a new third party and to manage their supply chain. We do the same thing as part of our procurement processes.
How we can help
If you’re considering partnering with Sitecore, we want to make it easy for you to discover the information you need to make your risk assessment as quick and streamlined as possible.
- Certifications
  Since January 2019, Sitecore has received certifications and attestations for ISO 27001, ISO 27017, ISO 27018, CSA Star and SOC2 (Type 2) for its Managed Cloud offering. Since January 2020, these have been extended to cover Content Hub too. Should you wish to see copies of our certifications or SOC2 report, please reach out to your usual Sitecore contact.
- Trust Center
  The go-to section on our website for privacy and security matters. Explore our online privacy policy, detailing how we collect and handle data and address compliance with privacy and data-protection laws such as the CCPA and GDPR.
- Privacy and security questionnaires
  Sitecore has a number of pre-filled security and privacy questionnaires that follow industry templates, including SIG, CAIQ and VSA. Should you require a copy, please reach out to security@sitecore.com.
- White papers
  Sitecore’s products can all be configured to address compliance with GDPR and CCPA, and we have a number of white papers detailing how. If you would like a copy, please reach out to your usual Sitecore contact.
- Customer contracts
  All SaaS and Cloud Customers are required to agree to Sitecore’s DPA to address local privacy and security compliance requirements. If you would like a PDF copy of our DPA, please reach out to your usual Sitecore contact.
Resources
Here are some additional online resources:
- Security at Sitecore
- Resources on our Trust Center
- Data Privacy Day at Sitecore
- Sitecore and the Privacy Shield
- Sitecore and Data Localization
We know how important data compliance and security are — and believe it or not, we actually find this topic fascinating. If you have questions, concerns, or comments, please don’t hesitate to reach out to us so we can support you on your compliance journey.