At Culture Amp, we are committed to our customers’ data privacy and information security. We’ve aligned our security programs with ISO 27001, followed secure development practices, provided ongoing training for employees, and more. Recently, we’ve also reviewed our policies and procedures to make sure we are compliant with The General Data Protection Regulation (GDPR).
The GDPR is the new EU data protection regulation that aims to give EU citizens more control over how organizations collect and process their data, and to standardize data protection policies across the EU. The regulation applies from May 25, 2018.
Any company holding or processing information of EU citizens is affected by the GDPR regardless of where it is located, and is required to comply with the new regulation.
Our teams have reviewed our data privacy policies and updated our security procedures. We’ve also worked with internationally recognized privacy experts to build a global privacy framework to comply with the GDPR and other regulations. Here are the main updates we’ve made:
To ensure Culture Amp is compliant with the latest regulations, we’ve:
The Culture Amp legal team has been working to ensure our documentation is updated to reflect the GDPR requirements and to ensure Culture Amp’s compliance:
To ensure GDPR compliance for international data transfers, Culture Amp will continue to use mechanisms such as the Standard Contractual Clauses in our DPA and the EU-U.S. Privacy Shield. These mechanisms allow companies around the world to meet EU data protection requirements when transferring personal data to and from the EU.
For our customers to learn faster through feedback, they and their employees must be able to trust us with their data, which is why we take information security and data privacy very seriously.
Here’s a look at what Culture Amp’s security experts have been working on:
We’ve aligned our security program with ISO 27001.
We have been working with internationally recognized external privacy consultants in preparation for GDPR compliance.
Dedicated staff are responsible for risk management and information security. We also conduct background checks on all our employees.
Access to the Culture Amp platform is authenticated through the customer’s SAML-compliant federated identity provider, through our Google integration, or with passwords, which are stored hashed with the bcrypt algorithm.
Daily vulnerability scanning is performed on all Culture Amp production systems.
Culture Amp regularly undergoes penetration tests and code reviews by expert security consultants.
Full disk encryption is enabled on all systems containing customer data, and backups are encrypted with the AES-256 symmetric encryption algorithm.
Our production environment is fully segregated from our corporate, development and test environments. We use a next-generation web application firewall (WAF) and runtime application self-protection (RASP) technology to protect the Culture Amp platform.