Regulatory Compliance

It's true to say that modern data storage regulations can be a minefield.  Lightsafe has been designed expressly to help you navigate through it.

Lightsafe helps you check your regulatory-ciompliance boxes by identifying key players in the world of regulatory compliance - and helping you fulfill each body's requirements. 

This means Lightsafe customers can prove they are maintaining immutable backups on third-party servers that comply with industry standards for data security.

 

GDPR & UK GDPR - Lightsafe adheres to General Data Protection Regulation (GDPR) privacy policies. Data Processing Agreement Addendums (DPAs) for EEA/EU and UK residents are available for compliance standards.

 

HIPAA - Lightsafe can provide a Business Associate Agreement (BAA) upon request for business customers who are Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA).

 

SOC 2 Type 2 - Lightsafe has achieved Service Organization Control (SOC) 2 Type 2 compliance by an independent third-party firm. Lightsafe operates in data centers that are also SOC 2 compliant.

 

PCI DSS - Lightsafe utilizes Stripe to store and process card information, which, combined with internal security controls, contributes to Lightsafe’s adherence to Payment Card Industry Data Security Standard (PCI-DSS) requirements.

 

COBIT - Lightsafe is compliant with this business-oriented framework that helps organisations manage risk and compliance.

 

CYBER ESSENTIALS - Lightsafe fulfils the requirements of this UK government-backed annually assessed cyber security certification.

 

NIST - Lightsafe's supports this US government framework helping businesses understand and manage cybersecurity risk.

 

HECVAT - Lightsafe's storage partner has completed the Higher Education Community Vendor Assessment Tool (HECVAT) assessment, which can be accessed via Whistic.

StateRAMP Progressing Snapshot - Lightsafe's storage provider is listed as a Progressing Product in the State Risk and Authorization Management Program (StateRAMP) Authorized Product List.

 

ISO 27000 Series - Lightsafe predominantly utilizes data centers that hold International Organization for Standardization (ISO) 27001 certificates, which can be accessed via Whistic.

  • 27001 and 27002 (information security management)
  • 27018 (cloud computing)
  • 27031 (disaster recovery)
  • 27040 (storage security)
  • 27799 (information security in healthcare)

 

TX-RAMP Provisional - Lightsafe's storage partner is listed in the Texas Risk and Authorization Management Program (TX-RAMP) Certified Cloud Products list with a Certification Status of TX-RAMP Provisional.

 

TPN - Lightsafe's storage partner has obtained Trusted Partner Network (TPN) Blue Shield status that is aligned with the Motion Picture Association (MPA) Content Security Best Practices (CSBP) framework.

 

CCPA/CPRA - Lightsafe's storage partner satisfies California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) privacy obligations, including consumer request, data inventory, and a privacy notice.

 

Internet2 - Lightsafe's storage partner has completed the Internet2 Cloud Scorecard for research and educational institutions, and connects to the Internet2's network as part of the Internet2 Peer Exchange (I2PX) program. Lightsafe works closely with leading third-party organizations to address security and privacy requirements.

 

Each organisation, wherever it operates, will have a unique perspective on the security frameworks to which it should adhere.  This will be based on a number of factors including international legal requirements, client expectation and how backup/restore protocols might impact day-to-day operations and business continuity in the event of a disaster.

Lightsafe provides a range of compliance achievements and security-related services to safeguard account access and the data within accounts.  Our storage partner has received SOC 2 Type 2 certification. Key features to keep your data secure and compliant with GDPR/UK GDPR, PCI-DSS, and ISO 27001 include multi-factor authentication, application keys, access management controls, server-side encryption (SSE), and Object Lock immutability. Data is stored in infrastructure designed for 11 nines durability.  All data centers are equipped with best-in-class security features and staffed 24/7/365.

Lightsafe cannot access your data, and does not share your personal information.  Ever.

Whatever the specific compliance environment, every organisations will certainly require the following, which Lightsafe has been expressly designed to address: 

 

  • Daily local and offsite backups - Easily managed through central Lightsafe platform.

  • 3-2-1 Backup strategy (3 copies of data, 2 local backups and one offsite) - Lightsafe's cloud solution gives you the security of knowing your offsite copy is secure; the simple Local Backup option also gives you the facility to automate further LAN/WAN copies of your data.

  • Physical security - Data is held, AES encrypted, in at least one Secure Data centre - under the control of a NASDAQ-listed corporation - in your region of choice

  • Account security - Protect your Lightsafe account with 2-factor authentication; additionally, all data is encrypted using your private encryption key.
  • Encryption - All Lightsafe data is encrypted at rest and transferred using military-grade AES-256 encryption.  It's not even possible for Lightsafe to access your original data (so keep your encryption keys secure!)

  • Retention - Simply choose your preferred Account/Profile/Machine retention periods through the Lightsafe platform

  • Auditing - Record and report of account logins / IP addresses, Account/Profile/Machine modifications.

  • Reporting - Lightsafe Platform gives a powerful at-a-glance summary of running, failed and cancelled jobs - and servers with no scheduled backups.  You configure your own level of granular reporting by Account/Profile/Machine - on every success/complete/failed/cancelled backup event.

  • Immutability - New changes are written to new blocks, ensuring your data is saved as immutable versions every time there is a change - up to your specified retention period.

  • Testing - Your Platform Account Overview details last machine restore date. It is always good practice to test-restore your backups.  Lightsafe will send monthly email restore reports - and also nag if you haven't restored a machine within the past quarter, all helping to meet your specified data compliance standards.

 

Each of these measures is designed to help you meet with your regulatory cyber security, data transfer and storage requirements.