Data security & privacy compliance
Compliance and regulatory requirements are among top priorities for any serious security team. Many of them impact data security decisions and product strategy.
So, whether you’re just getting started with building your compliance posture or facing imminent audits, some of our tools and services may help you meet many data and application security-related compliance requirements.
ISO/IEC 27002:2022
Global 🌎 The ISO/IEC 27002:2022 standard is used as a reference for controls when implementing an Information Security Management System, incorporating data access controls, cryptographic control of sensitive data, and key management.
Industries: All
Type: Certification standard
What we can do: We can help you to cover a number of technological security controls by using our data security software products. We can also assist you in covering organizational controls via our services and security advisory.
Why us: We know how to cross the chasm between high-level ISMS security and practical technological and risk considerations.
Relevant products: Acra
Relevant solutions: Security advisory & strategy service, Product security & SSDLC
Relevant customer stories: Encrypting patients' data across hospital networks
ETSI EN 303 645
EU 🇪🇺 The ETSI EN 303 645 standard outlines a set of baseline security requirements for consumer Internet of Things (IoT) devices. It enables suppliers to assess their devices' compliance against the ETSI EN 303 645 in self-assessments or via testing labs.
Industries: IoT, Consumer
Type: Standard
What we can do: We provide security tools as well as services to audit, improve, and design protection.
Why us: We have vast experience in industrial security, in addition to an understanding of mass-market software products and the problems of scale that make consumer IoT especially challenging.
Relevant solutions: Critical national infrastructure security, Security for consumer apps, Reinforcing trust by auditable and verifiable systems
Relevant customer stories: Protecting telemetry data in state-wide critical infrastructure network
The CPRA revises and toughens some aspects of the CCPA and creates a new consumer privacy agency to enforce consumer privacy rights.
Industries: All
Type: Legal regulation
What we can do: We provide services and tools to improve security of stored sensitive data and prevent legal liabilities after security breaches.
Why us: We understand how to combine formal compliance and practical security in a way that doesn't hinder the product yet brings compliance and security.
Relevant solutions: Product security & SSDLC, Security engineering & architecture, Mobile applications security solutions
Relevant customer stories: End-to-end encryption and multi-device synchronisation for 6M users
SOX, Sarbox (Sarbanes–Oxley Act)
USA 🇺🇸 The Sarbanes–Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.
Industries: Finance
Type: Legal regulation
What we can do: Section 404 mandates complex controls, including security controls (as a subset of ITGC).
Why us: We understand how to mix formal requirements with practical security benefits.
Relevant products: Themis, Acra, Hermes
Relevant solutions: Data security in Fintech, Blockchain and cryptocurrencies security solutions, Security engineering & architecture
Relevant customer stories: Building ironclad data security for M&A solution leader
FIPS 140-3
USA 🇺🇸, Canada 🇨🇦 The FIPS 140-3 is a US government computer security standard used to validate cryptographic modules. This standard is used to design and implement cryptographic modules that federal departments and agencies operate or are operated for them under contract.
Industries: All
Type: Certification standard
What we can do: All of our products can be bespoke-compiled to run with a number of FIPS 140-3 validated crypto modules.
Why us: We are experts in the problem domain. Since 2014, we have been providing cryptographic libraries tailored to specific country regulations.
Relevant products: Themis, Acra, Hermes
Relevant solutions: Cryptography engineering, Zero Trust and end-to-end encryption solutions
Relevant customer stories: Protecting telemetry data in state-wide critical infrastructure network
The COPPA applies when personal information about children under 13 is collected online. It includes requirements to take adequate precautions to protect sensitive data collected from/regarding children (§ 312.8).
Industries: All
Type: Legal regulation
What we can do: We can provide security engineering and consulting services to assess, design, implement, and validate appropriate security measures.
Why us: We are experts in crafting security to balance compliance with practical security.
Relevant solutions: Data security solutions, Zero Trust and end-to-end encryption solutions, Mobile applications security solutions
Relevant customer stories: End-to-end encryption and multi-device synchronisation for 6M users
Brazilian General Data Protection Law
Brazil 🇧🇷 The LGPD outlines how to legally collect, process, handle, secure, and destroy personal data. It applies to any processing operation carried out by a natural person or a legal entity under either public or private law, irrespective of the means.
Industries: All
Type: Legal regulation
What we can do: We can help you build security controls and measures according to chapter VII.
Why us: We are experts in crafting security to balance compliance with practical security. We advise on and implement data protection measures that don't ruin system behaviour and user experience: data encryption, masking, tokenization.
Relevant solutions: Data security, Zero Trust and end-to-end encryption solutions, SaaS data security solutions, Security advisory & strategy service
Relevant customer stories: Building ironclad data security for M&A solution leader
GDPR (General Data Protection Regulation)
EU 🇪🇺 The GDPR requires businesses to protect EU citizens' personal data and privacy while making transactions within the EU member states. The GDPR also regulates the export of personal data outside the EU.
Industries: All
Type: Legal regulation
What we can do: We provide building blocks, solutions, and services to protect sensitive data and enable digital citizen rights.
Why us: We are experts in crafting security to balance compliance with practical security, and we have vast experience with the GDPR.
Relevant solutions: Data security, Zero Trust and end-to-end encryption solutions, SaaS data security solutions, Security advisory & strategy services, Mobile applications security solutions
Relevant customer stories: Building ironclad data security for M&A solution leader
Relevant stories and posts
Protecting telemetry data of power grids
Protecting data signals transmitted over the air between power distribution stations and central dispatch system.
Shared responsibility model in cloud security: mind the gap
Security responsibility of cloud providers: where it ends, what are the gaps, and what steps your team should make to improve cloud security strategy.
PII Encryption Requirements. Cheatsheet
What data is sensitive and needs to be encrypted according to data privacy regulations like CCPA, GDPR, HIPAA, etc.? Our cheatsheet addresses this question.