Data security & privacy compliance

The ISO/IEC 27002:2022 standard is used as a reference for controls when implementing an Information Security Management System, incorporating data access controls, cryptographic control of sensitive data, and key management.

What we can do: We can help you to cover a number of technological security controls by using our data security software products, as well as cover organisational controls via our services and security advisory.

Why us: We understand how to cross the chasm between high-level ISMS security and practical technological and risk considerations.

Relevant products:Acra

Relevant solutions:Security advisory & strategy serviceProduct security & SSDLC

Relevant customer stories:Encrypting patients' data across hospital networks

ETSI EN 303 645 standard provides a set of baseline requirements for security in consumer Internet of things (IoT) devices. It allows suppliers to assess the compliance of their devices against ETSI EN 303 645 in self-assessments or via testing labs.

What we can do: We provide tools to protect, services to audit, improve, and design protection.

Why us: We have vast experience in industrial security and understanding of mass software products and problems of scale that make consumer IoT especially hard.

Relevant products:ThemisAcra

Relevant solutions:Critical national infrastructure securitySecurity for consumer appsReinforcing trust by auditable and verifiable systems

Relevant customer stories:Protecting telemetry data in state-wide critical infrastructure network

The CPRA revises and toughens some aspects of the CCPA and creates a new consumer privacy agency to enforce consumer privacy rights.

What we can do: We provide services and tools to improve security of stored sensitive data and prevent legal liabilities after security breaches.

Why us: We understand how to combine formal compliance and practical security in a way that doesn't hinder the product yet brings compliance and security.

Relevant products:ThemisAcra

Relevant solutions:Product security & SSDLCSecurity engineering & architectureMobile applications security solutions

Relevant customer stories:End-to-end encryption and multi-device synchronisation for 6M users

Sarbanes-Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

What we can do: Section 404 mandates complex controls, including security controls (as a subset of ITGC).

Why us: We understand how to mix formal requirements with practical security benefits.

Relevant products:ThemisAcraHermes

Relevant solutions:Data security in FintechBlockchain and cyptocurrencies security solutionsSecurity engineering & architecture

Relevant customer stories:Building ironclad data security for M&A solution leader

FIPS 140-3 is a US government computer security standard used to validate cryptographic modules. This standard is used in designing and implementing cryptographic modules that federal departments and agencies operate or are operated for them under contract.

What we can do: All of our products can be bespoke-compiled to run with a number of FIPS 140-3 validated crypto modules.

Why us: We have deep knowledge of the problem domain. We are vendors of cryptographic libraries since 2014, we have tailored them to specific country regulations.

Relevant products:ThemisAcraHermes

Relevant solutions:Cryptography engineeringZero Trust and end-to-end encryption solutions

Relevant customer stories:Protecting telemetry data in state-wide critical infrastructure network

COPPA applies to online collection of personal information from children under 13. It includes requirements to take adequate measures to protect sensitive data collected from/regarding children (§ 312.8).

What we can do: We can provide security engineering and consulting to assess, design, implement, and validate appropriate security measures.

Why us: We are experts in crafting security to balance compliance with practical security.

Relevant products:ThemisAcra

Relevant solutions:Data security solutionsZero Trust and end-to-end encryption solutionsMobile applications security solutions

Relevant customer stories:End-to-end encryption and multi-device synchronisation for 6M users

The LGPD outlines how to legally collect, process, handle, secure, and destroy personal data. It applies to any processing operation carried out by a natural person or a legal entity of either public or private law, irrespective of the means.

What we can do: We can help you build security controls and measures according to chapter VII.

Why us: We are experts in crafting security to balance compliance with practical security. We advise and implement data protection measures that don't ruin system behvaiour and user experience: data encryption, masking, tokenization.

Relevant products:ThemisAcra

Relevant solutions:Data securityZero Trust and end-to-end encryption solutionsSaaS data security solutionsSecurity advisory & strategy service

Relevant customer stories:Building ironclad data security for M&A solution leader

The GDPR requires businesses to protect personal data and privacy of the EU citizens for transactions within EU member states. The GDPR also regulates export of personal data outside the EU.

What we can do: We provide building blocks, solutions, and services to protect sensitive data and enable digital citizen rights.

Why us: We are experts in crafting security to balance compliance with practical security, we have vast experience with the GDPR.

Relevant products:ThemisAcra

Relevant solutions:Data securityZero Trust and end-to-end encryption solutionsSaaS data security solutionsSecurity advisory & strategy serviceyMobile applications security solutions

Relevant customer stories:Building ironclad data security for M&A solution leader