
Data security & privacy compliance
Compliance and regulatory requirements are a pressing agenda item for any serious security team. Many of them shape data security decisions and product strategy.
So whether you're just building your compliance posture or facing an imminent audit, our tools and services can help you implement many of the data and application security requirements these regulations and standards impose.
ISO/IEC 27002:2022
Geography: Global
The ISO/IEC 27002:2022 standard is used as a reference catalogue of controls when implementing an Information Security Management System (ISMS); it covers, among others, data access controls, cryptographic protection of sensitive data, and key management.
Industries: All
Type: Certification standard
What we can do: We can help you cover a number of the technological security controls with our data security software products, and the organisational controls through our services and security advisory.
Why us: We understand how to cross the chasm between high-level ISMS requirements and practical technological and risk considerations.
Relevant products: Acra
Relevant solutions: Security advisory & strategy service, Product security & SSDLC
Relevant customer stories: Encrypting patients' data across hospital networks
ETSI EN 303 645
Geography: EU
The ETSI EN 303 645 standard provides a set of baseline security requirements for consumer Internet of Things (IoT) devices. It allows suppliers to assess the conformance of their devices against ETSI EN 303 645 either by self-assessment or via testing labs.
Industries: IoT, Consumer
Type: Standard
What we can do: We provide tools to protect device and telemetry data, and services to audit, improve, and design that protection.
Why us: We have vast experience in industrial security, an understanding of mass-market software products, and of the problems of scale that make consumer IoT especially hard.
Relevant solutions: Critical national infrastructure security, Security for consumer apps, Reinforcing trust by auditable and verifiable systems
Relevant customer stories: Protecting telemetry data in state-wide critical infrastructure network
CCPA and CPRA (California Privacy Rights Act)
Geography: USA
The CPRA revises and toughens several aspects of the CCPA and creates a new consumer privacy agency to enforce consumer privacy rights.
Industries: All
Type: Legal regulation
What we can do: We provide services and tools to improve the security of stored sensitive data and to reduce legal liability in the event of a security breach.
Why us: We understand how to combine formal compliance with practical security in a way that doesn't hinder the product yet delivers both.
Relevant solutions: Product security & SSDLC, Security engineering & architecture, Mobile applications security solutions
Relevant customer stories: End-to-end encryption and multi-device synchronisation for 6M users
SOX, Sarbox (Sarbanes-Oxley Act)
Geography: USA
The Sarbanes-Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
Industries: Finance
Type: Legal regulation
What we can do: Section 404 mandates extensive internal controls, including IT security controls (as a subset of IT general controls, ITGC); we help design and implement the data security controls within that scope.
Why us: We understand how to combine formal requirements with practical security benefits.
Relevant products: Themis, Acra, Hermes
Relevant solutions: Data security in Fintech, Blockchain and cryptocurrencies security solutions, Security engineering & architecture
Relevant customer stories: Building ironclad data security for M&A solution leader
FIPS 140-3
Geography: USA, Canada
FIPS 140-3 is a US government computer security standard used to validate cryptographic modules. It is applied when designing and implementing cryptographic modules that federal departments and agencies operate, or that are operated for them under contract.
Industries: All
Type: Certification standard
What we can do: All of our products can be bespoke-compiled to run on top of a number of FIPS 140-3 validated cryptographic modules.
Why us: We have deep knowledge of the problem domain. We have been a vendor of cryptographic libraries since 2014 and have tailored them to specific country regulations.
Relevant products: Themis, Acra, Hermes
Relevant solutions: Cryptography engineering, Zero Trust and end-to-end encryption solutions
Relevant customer stories: Protecting telemetry data in state-wide critical infrastructure network
COPPA (Children's Online Privacy Protection Act)
Geography: USA
COPPA applies to the online collection of personal information from children under 13. It includes requirements to take adequate measures to protect sensitive data collected from or about children (§ 312.8).
Industries: All
Type: Legal regulation
What we can do: We provide security engineering and consulting to assess, design, implement, and validate appropriate security measures.
Why us: We are experts in crafting security that balances compliance with practical protection.
Relevant solutions: Data security solutions, Zero Trust and end-to-end encryption solutions, Mobile applications security solutions
Relevant customer stories: End-to-end encryption and multi-device synchronisation for 6M users
LGPD (Brazilian General Data Protection Law)
Geography: Brazil
The LGPD outlines how to legally collect, process, handle, secure, and destroy personal data. It applies to any processing operation carried out by a natural person or a legal entity under either public or private law, irrespective of the means used.
Industries: All
Type: Legal regulation
What we can do: We can help you build the security controls and measures required by Chapter VII.
Why us: We are experts in crafting security that balances compliance with practical protection. We advise on and implement data protection measures that don't ruin system behaviour or user experience: data encryption, masking, and tokenization.
Relevant solutions: Data security, Zero Trust and end-to-end encryption solutions, SaaS data security solutions, Security advisory & strategy service
Relevant customer stories: Building ironclad data security for M&A solution leader
GDPR (General Data Protection Regulation)
Geography: EU
The GDPR requires businesses to protect the personal data and privacy of individuals in the EU for transactions within EU member states. The GDPR also regulates the transfer of personal data outside the EU.
Industries: All
Type: Legal regulation
What we can do: We provide building blocks, solutions, and services to protect sensitive data and to support data subjects' rights.
Why us: We are experts in crafting security that balances compliance with practical protection, and we have vast experience with the GDPR.
Relevant solutions: Data security, Zero Trust and end-to-end encryption solutions, SaaS data security solutions, Security advisory & strategy service, Mobile applications security solutions
Relevant customer stories: Building ironclad data security for M&A solution leader