Matomo

Data security and privacy compliance | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Solution

Data security & privacy compliance

Compliance and regulatory requirements are among top priorities for any serious security team. Many of them impact data security decisions and product strategy.

So, whether you’re just getting started with building your compliance posture or facing imminent audits, some of our tools and services may help you meet many data and application security-related compliance requirements.

Geography

Choose geography of your projects

All

Applicable industries:

Choose a industry of your projects

All

Compliance type:

Choose a type of your projects

All

Results (8)

The ISO/IEC 27002:2022 standard is used as a reference for controls when implementing an Information Security Management System, incorporating data access controls, cryptographic control of sensitive data, and key management.

Industries: All

Type: Certification standard

What we can do: We can help you to cover a number of technological security controls by using our data security software products. We can also assist you in covering organizational controls via our services and security advisory.

Why us: We know how to cross the chasm between high-level ISMS security and practical technological and risk considerations.

The ETSI EN 303 645 standard outlines a set of baseline security requirements for consumer Internet of Things (IoT) devices. It enables suppliers to assess their devices' compliance against the ETSI EN 303 645 in self-assessments or via testing labs.

Industries: IoT, Consumer

Type: Standard

What we can do: We provide security tools as well as services to audit, improve, and design protection.

Why us: We have vast experience in industrial security in addition to understanding of mass software products and problems of scale that make consumer IoT especially challenging.

The CPRA revises and toughens some aspects of the CCPA and creates a new consumer privacy agency to enforce consumer privacy rights.

Industries: All

Type: Legal regulation

What we can do: We provide services and tools to improve security of stored sensitive data and prevent legal liabilities after security breaches.

Why us: We understand how to combine formal compliance and practical security in a way that doesn't hinder the product yet brings compliance and security.

The Sarbanes–Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

Industries: Finance

Type: Legal regulation

What we can do: Section 404 mandates complex controls, including security controls (as a subset of ITGC).

Why us: We understand how to mix formal requirements with practical security benefits.

USA🇺🇸, Canada🇨🇦

The FIPS 140-3 is a US government computer security standard used to validate cryptographic modules. This standard is used to design and implement cryptographic modules that federal departments and agencies operate or are operated for them under contract.

Industries: All

Type: Certification standard

What we can do: All of our products can be bespoke-compiled to run with a number of FIPS 140-3 validated crypto modules.

Why us: We are experts in the problem domain. Since 2014, we have been providing cryptographic libraries tailored to specific country regulations.

The COPPA applies when personal information about children under 13 is collected online. It includes requirements to take adequate precautions to protect sensitive data collected from/regarding children (§ 312.8).

Industries: All

Type: Legal regulation

What we can do: We can provide security engineering and consulting services to assess, design, implement, and validate appropriate security measures.

Why us: We are experts in crafting security to balance compliance with practical security.

The LGPD outlines how to legally collect, process, handle, secure, and destroy personal data. It applies to any processing operation carried out by a natural person or a legal entity under either public or private law, irrespective of the means.

Industries: All

Type: Legal regulation

What we can do: We can help you build security controls and measures according to chapter VII.

Why us: We are experts in crafting security to balance compliance with practical security. We advise and implement data protection measures that don't ruin system behvaiour and user experience: data encryption, masking, tokenization.

EU🇪🇺

The GDPR requires businesses to protect EU citizens' personal data and privacy while making transactions within the EU member states. The GDPR also regulates the export of personal data outside the EU.

Industries: All

Type: Legal regulation

What we can do: We provide building blocks, solutions, and services to protect sensitive data and enable digital citizen rights.

Why us: We are experts in crafting security to balance compliance with practical security, we have vast experience with the GDPR.

Contact us

Get whitepaper

Thank you!
We’ve received your request and will respond soon.