It's true to say that modern data storage regulations can be a minefield. Lightsafe has been designed expressly to help you navigate through it.
Lightsafe helps you check your regulatory-compliance boxes by identifying key players in the world of regulatory compliance - and helping you fulfill each body's requirements.
This means Lightsafe customers can prove they are maintaining immutable backups on third-party servers that comply with industry standards for data security.
GDPR & UK GDPR - Lightsafe adheres to General Data Protection Regulation (GDPR) privacy policies. Data Processing Agreement Addendums (DPAs) for EEA/EU and UK residents are available for compliance standards.
HIPAA - Lightsafe can provide a Business Associate Agreement (BAA) upon request for business customers who are Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA).
SOC 2 Type 2 - Lightsafe has achieved Service Organization Control (SOC) 2 Type 2 compliance by an independent third-party firm. Lightsafe operates in data centers that are also SOC 2 compliant.
PCI DSS - Lightsafe utilizes Stripe to store and process card information, which, combined with internal security controls, contributes to Lightsafe’s adherence to Payment Card Industry Data Security Standard (PCI-DSS) requirements.
COBIT - Lightsafe is compliant with this business-oriented framework that helps organisations manage risk and compliance.
CYBER ESSENTIALS - Lightsafe fulfils the requirements of this UK government-backed, annually assessed cyber security certification.
NIST - Lightsafe supports this US government framework helping businesses understand and manage cybersecurity risk.
HECVAT - Lightsafe's storage partner has completed the Higher Education Community Vendor Assessment Tool (HECVAT) assessment, which can be accessed via Whistic.
StateRAMP Progressing Snapshot - Lightsafe's storage provider is listed as a Progressing Product in the State Risk and Authorization Management Program (StateRAMP) Authorized Product List.
ISO 27000 Series - Lightsafe predominantly utilizes data centers that hold International Organization for Standardization (ISO) 27001 certificates, which can be accessed via Whistic.
TX-RAMP Provisional - Lightsafe's storage partner is listed in the Texas Risk and Authorization Management Program (TX-RAMP) Certified Cloud Products list with a Certification Status of TX-RAMP Provisional.
TPN - Lightsafe's storage partner has obtained Trusted Partner Network (TPN) Blue Shield status that is aligned with the Motion Picture Association (MPA) Content Security Best Practices (CSBP) framework.
CCPA/CPRA - Lightsafe's storage partner satisfies California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) privacy obligations, including consumer request, data inventory, and a privacy notice.
Internet2 - Lightsafe's storage partner has completed the Internet2 Cloud Scorecard for research and educational institutions, and connects to the Internet2's network as part of the Internet2 Peer Exchange (I2PX) program.
Lightsafe works closely with leading third-party organizations to address security and privacy requirements.
Each organisation, wherever it operates, will have a unique perspective on the security frameworks to which it should adhere. This will be based on a number of factors including international legal requirements, client expectation and how backup/restore protocols might impact day-to-day operations and business continuity in the event of a disaster.
Lightsafe provides a range of compliance achievements and security-related services to safeguard account access and the data within accounts. Our storage partner has received SOC 2 Type 2 certification. Key features to keep your data secure and compliant with GDPR/UK GDPR, PCI-DSS, and ISO 27001 include multi-factor authentication, application keys, access management controls, server-side encryption (SSE), and Object Lock immutability. Data is stored in infrastructure designed for 11 nines durability. All data centers are equipped with best-in-class security features and staffed 24/7/365.
Lightsafe cannot access your data, and does not share your personal information. Ever.
Whatever the specific compliance environment, every organisation will certainly require the following, which Lightsafe has been expressly designed to address:
Each of these measures is designed to help you meet your regulatory cyber security, data transfer and storage requirements.