The Enterprise Shield add-on offers the highest level of security for compliance/assurance including:
- Everything included in standard Security Shield package.
- Annual completion of customer security questionnaire.
- Customized security compliance reporting (agreed upon in contract).
- Implementation of the TLS certificate provided by the customer.
- Audit Log that allows loading of GoodData Platform events into customer SIEM.
- Additionally, for the period between one week ago and three weeks ago, one backup package per week is stored for a workspace.
Depending on your preference, the Self-Service or Managed option can be chosen. Under the Self-Service option, you retain full administrative privileges and remain fully responsible for security and compliance of your Data Product. GoodData assists by providing annual security compliance review via our Enterprise Shield Protocol. Customers on Managed Enterprise Shield have their Data Product fully managed by GoodData and GoodData ensures ongoing security and compliance. Switching between Self-Service and Managed Enterprise Shield is possible. However, specific timelines and the purchase of Professional Services might be required when moving from Self-Service to Managed Enterprise Shield.
Full Audit Trail of all Access of GoodData Personnel to Customer Data
- No customer data outside of GoodData Platform (Strong technical controls, all access to customer data is restricted to secure and fully audited terminal server within the platform security perimeter)
- Dedicated S3 bucket with IP whitelisting & dual set of credentials
- All GD employee access to data from Terminal Server where all user sessions are fully recorded and audited
- All Support access to customer workspaces via impersonation (full audit trail who accessed the data)
- Impersonation of customer accounts requires written permission from the customer
- All support access to customer data by means of impersonation of platform users are subject to audit
- All Enterprise Shield controls and implementations are covered by a SOC 2 Type II Audit
Additional Assurance on Selected Workspaces (Managed Enterprise Shield)
ISO 27001 compliant and SOC 2 Type II audited processes for implementation and maintenance of the solution
- Implementation in Services follows formal processes to increase robustness of the implementation, decrease risks related to human error, which might be otherwise acceptable in agile environment with limited compliance requirements, and to produce records that demonstrate adherence both to industry standard secure SDLC practices and to process requirements:
- Documented customer data flow
- Formal architectural review
- Secure coding practices enforced via code review
- Formal security review of the solution
- Formal change management of the solution including Segregation of Duties
- Management and compliance approval before go-live
For standard implementations, Professional Services follow industry standard best practices, however, for the sake of agility and cost-efficiency, there is limited formal documentation (typically just a customer sign-off prior to go-live) and segregation of duties is not enforced (one engineer may be responsible for design, implementation, testing and roll-out).
Additional Assurance on Selected Workspaces (Self-Service Enterprise Shield)
- You remain responsible for information security and compliance of your Data Product and for keeping the Data Product up to date with the GoodData blueprint and the best practices described in the Documentation.
- On an annual basis, you are entitled to security and compliance review of your Data Product by GoodData. The review is facilitated by your Customer Success Manager and follows a formal Protocol. You receive a written report including results of the review:
- “Fully Compliant,” meaning that the implementation conforms to the security requirements and no further actions are needed.
- “Partially Compliant,” meaning that the implementation does not fully conform to the security requirements. You should consider GoodData’s recommendation to resolve the issue, as well as your internal security and compliance standards and practices, and decide whether a corrective action is needed
- “Non-Compliant,” meaning that the implementation does not meet the requirement and corrections must be made before the Data Product Goes Live. If you do not remediate these findings, GoodData cannot guarantee that the requirements of the applicable regulations are adequately met.
In addition, GoodData may provide further observations or guidance specific to your implementation.
- Additional reviews may be requested by you as needed; GoodData recommends conducting the review as part of Go-Live procedures in order to ensure ongoing security and compliance of the Data Product. Such additional reviews are subject to Success Advisory hours.
- Self-Service Enterprise Shield customers may purchase Success Advisory hours, however Success Advisory services are limited to consultation and advice (including diagnostics and troubleshooting), but do not include any changes to Production environment or work to implement the changes.
Additional Regulatory Compliance
In order to ensure that the customer complies with the applicable regulatory requirements and data protection laws GoodData offers the additional security add-ons. The add-ons must be purchased by the customer on top of Enterprise Shield to ensure that the customer complies with the applicable regulatory requirements and data protection laws.