
Percona Security & Data Privacy Practices - Percona

 4 months ago
source link: https://www.percona.com/legal/percona-security-and-data-privacy-practices

Third Party Vendors

| Third Party Vendor | Processing Location | Service Performed | Categories of Personal Data |
|---|---|---|---|
| AWS | United States | Hosting Provider | |
| ServiceNow | United States | Customer ticketing and communication system | Customer’s current employees and contractors: names and contact information, including: first name, last name, phone numbers, email addresses, business mailing addresses |
| Salesforce | United States | Processor CRM | Customer’s current employees and contractors: names and contact information, including: first name, last name, phone numbers, email addresses, business mailing addresses |
| Slack | United States | Customer communication | Customer’s current employees and contractors: names and contact information, including: first name, last name, phone numbers, email addresses, business mailing addresses |
| Google – G Suite | United States | Processor communication and document retention | Customer’s current employees and contractors: names and contact information, including: first name, last name, phone numbers, email addresses, business mailing addresses |

Operational Security

  • Encryption at rest (e.g. AES-256) and in-transit (e.g. TLS v1.2 and greater)
  • Network protocol and encryption algorithm: we use Secure Shell (SSH) with the ED25519 or RSA algorithms (RSA >= 2048 bit, ED25519 >= 256 bit) in our environment.
  • Second/multi factor authentication is employed leveraging DUO Security.
  • CIS hardening is applied where applicable to the OS configuration.
  • Additional hardening is applied to reduce the attack surface and ensure scope of access is limited to operational needs.

Privacy

  • Interaction with vendors: We rely on contractual agreements, standard contractual clauses, privacy policies, and vendor compliance procedures in order to protect any data processed or stored by our vendors.
  • Data Processing: We conduct DPAs with our customers and verified third party providers when personal data is being processed.
  • Privacy laws: We use all reasonable and appropriate technical and organizational measures to comply with privacy law. Read our Privacy Policy here to learn more.

Compliance

  • Percona is ISO27001 certified.
  • Percona relies on independent verification of our security, privacy, and compliance practices to help you meet your regulatory and policy objectives.
  • We use an external auditor to conduct annual ISO 27001 audits, risk assessments, and penetration tests. Percona also completes an annual PCI-DSS SAQ-D report.


If you have any additional questions regarding Percona’s data privacy measures, please do not hesitate to contact us at [email protected]

Percona has partnered with security risk leader Conveyor to streamline and facilitate an efficient risk review of Percona. Via Conveyor, Percona provides clients and strategic partners with access to Conveyor Shared Profile, which contains copies of all commonly requested due diligence artifacts and multiple precompleted, current information security-related questionnaires. The information in Percona’s Conveyor Shared Profile allows a client’s or partner’s compliance, risk, and security personnel to conduct the due diligence on Percona that their policies or regulations require in the most efficient and timely manner.

Request full access to Percona’s Shared Profile in Conveyor to support your due diligence efforts.
