Any company holding or processing information of EU citizens is impacted by the GDPR regardless of its location, and is required to comply with the new regulation.
Our teams have reviewed our data privacy policies and updated our security procedures. We’ve also worked with internationally recognized privacy experts to build a global privacy framework to comply with the GDPR and other regulations. Here are the main updates we’ve made:
To ensure Culture Amp is compliant with the latest regulations, we've:
The Culture Amp legal team has been working to ensure our documentation is updated to reflect the GDPR requirements and to ensure Culture Amp’s compliance:
To ensure GDPR compliance for international data transfers, Culture Amp will continue to use mechanisms such as the Standard Contractual Clauses in our DPA and the EU-U.S. Privacy Shield. These mechanisms allow companies around the world to comply with EU data protection requirements when transferring personal data to and from the EU.
To learn faster through feedback, we know customers and their employees must trust us with their data, which is why we take information security and data privacy very seriously.
Here’s a look at what Culture Amp’s security experts have been working on:
We’ve aligned our security program with ISO 27001 and expect to be certified in 2018.
Daily vulnerability scanning is performed on all Culture Amp production systems.
We have been working with internationally recognized external privacy consultants in preparation for GDPR compliance.
External Security Audit
Culture Amp regularly undergoes penetration tests and code reviews by expert security consultants.
Dedicated staff is responsible for risk management and information security. We also conduct background checks on all our employees.
Full disk encryption is enabled for all systems containing customer data, and backups are encrypted using the AES-256 symmetric encryption algorithm.
Access to the Culture Amp platform is authenticated using the customer's SAML-compliant federated identity provider, Google integration, or passwords hashed with the bcrypt algorithm.
Our production environment is fully segregated from corporate, development and test environments. We use Next Gen WAF and RASP technology to protect the Culture Amp Platform.
Secure Development Practices
We follow secure development practices, including the OWASP Top 10, and provide ongoing training for employees.