
Data security and privacy compliance - Cossack Labs


Data security & privacy compliance

Compliance and regulatory requirements are a pressing agenda item for any serious security team. Many of them shape data security decisions and product strategy.

Thus, whether you are only building your compliance posture or facing imminent audits, some of our tools and services can help you implement many data and application security-related compliance requirements.

Results (8)

Global 🌎

The ISO/IEC 27002:2022 standard is used as a reference for controls when implementing an Information Security Management System, incorporating data access controls, cryptographic control of sensitive data, and key management.

Industries: All

Type: Certification standard

What we can do: We can help you to cover a number of technological security controls by using our data security software products, as well as cover organisational controls via our services and security advisory.

Why us: We understand how to cross the chasm between high-level ISMS security and practical technological and risk considerations.

EU 🇪🇺

The ETSI EN 303 645 standard provides a set of baseline security requirements for consumer Internet of Things (IoT) devices. It allows suppliers to assess the compliance of their devices against ETSI EN 303 645 through self-assessment or via testing labs.

Industries: IoT, Consumer

Type: Standard

What we can do: We provide tools to protect devices and services to audit, improve, and design their protection.

Why us: We have vast experience in industrial security and an understanding of mass-market software products and the problems of scale that make consumer IoT especially hard.

The CPRA revises and toughens some aspects of the CCPA and creates a new consumer privacy agency to enforce consumer privacy rights.

Industries: All

Type: Legal regulation

What we can do: We provide services and tools to improve security of stored sensitive data and prevent legal liabilities after security breaches.

Why us: We understand how to combine formal compliance and practical security in a way that doesn't hinder the product yet brings compliance and security.

The Sarbanes-Oxley Act protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

Industries: Finance

Type: Legal regulation

What we can do: Section 404 mandates complex controls, including security controls (as a subset of ITGC).

Why us: We understand how to mix formal requirements with practical security benefits.

USA 🇺🇸, Canada 🇨🇦

FIPS 140-3 is a US government computer security standard used to validate cryptographic modules. It governs the design and implementation of cryptographic modules that federal departments and agencies operate, or that are operated for them under contract.

Industries: All

Type: Certification standard

What we can do: All of our products can be bespoke-compiled to run with a number of FIPS 140-3 validated crypto modules.

Why us: We have deep knowledge of the problem domain. We have been vendors of cryptographic libraries since 2014 and have tailored them to specific country regulations.

COPPA applies to the online collection of personal information from children under 13. It includes requirements to take adequate measures to protect sensitive data collected from or regarding children (§ 312.8).

Industries: All

Type: Legal regulation

What we can do: We can provide security engineering and consulting to assess, design, implement, and validate appropriate security measures.

Why us: We are experts in crafting security to balance compliance with practical security.

The LGPD outlines how to legally collect, process, handle, secure, and destroy personal data. It applies to any processing operation carried out by a natural person or a legal entity of either public or private law, irrespective of the means.

Industries: All

Type: Legal regulation

What we can do: We can help you build security controls and measures according to chapter VII.

Why us: We are experts in crafting security to balance compliance with practical security. We advise on and implement data protection measures that don't ruin system behaviour and user experience: data encryption, masking, tokenization.

EU 🇪🇺

The GDPR requires businesses to protect the personal data and privacy of EU citizens for transactions within EU member states. The GDPR also regulates the export of personal data outside the EU.

Industries: All

Type: Legal regulation

What we can do: We provide building blocks, solutions, and services to protect sensitive data and enable digital citizen rights.

Why us: We are experts in crafting security to balance compliance with practical security, and we have vast experience with the GDPR.
