Compliance

EdgeWave develops and markets on demand, on-premises, and hybrid Secure Content Management (SCM) solutions to businesses and organizations in every market sector. In order to provide comprehensive security and privacy, EdgeWave builds its products and services in accordance with security best practices and provides appropriate security features in all of our solutions. In addition, because EdgeWave customers use our products and services to assure a secure application environment, the confidentiality, integrity, and availability of our customers’ data is of the greatest importance to EdgeWave, as is maintaining the trust and confidence of the markets we serve.

EdgeWave provides information and validation of its privacy and confidentiality controls to customers through third party audit results. This information assists customers in understanding the controls that are in place relevant to the EdgeWave products and services that they use, and confirms how those controls have been validated by independent auditors. This information enables customers to validate that controls are operating effectively in their extended environments.

Overview

EdgeWave has taken the following steps to ensure that our infrastructure is secure:

  • Third Party Audit: EdgeWave publishes a Service Organization Controls 1 (SOC 1) Type 2 report under both the SSAE 16 and the ISAE 3402 professional standards, as well as a Service Organization Controls 2 (SOC 2) report.
  • Physical Security: EdgeWave has utilized a network of data centers in a variety of geographic locations for a number of years in order to provide full redundancy for our products and services. The data centers are secured with a variety of biometric and physical controls to ensure that access is limited solely to those employees who are authorized to perform maintenance.
  • Secure Services: All of the products EdgeWave produces are designed to be secure and contain a number of controls that restrict unauthorized access.
  • Data Privacy and Confidentiality: EdgeWave has a published Privacy Policy available on our Privacy Policy page. In addition, all employees are required to review and abide by EdgeWave’s Privacy Notice which details employees’ responsibilities regarding the handling of Customer Confidential Information.

Compliance with Safe Harbor Data Privacy Laws

EdgeWave Safe Harbor Privacy Policy
To provide an adequate level of protection for Personal Data received from the European Union (EU), the European Economic Area (EEA) and Switzerland, KnowBe4, Inc. (“KNOWBE4” or “the Company”) adheres to the Safe Harbor Principles developed by the United States Department of Commerce and the European Commission and Switzerland. This Safe Harbor Privacy Policy (the “Policy”) sets forth the privacy principles that EdgeWave follows when processing Personal Data received from the EU, the EEA or Switzerland. The privacy principles in this Policy are based on the Safe Harbor Principles referenced above.

Third Party Audits

SOC 1/SSAE 16/ISAE 3402: EdgeWave now publishes a Service Organization Controls 1 (SOC 1), Type 2 report. This audit is conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402. This report has a dual standard that meets a broad range of auditing requirements for United States and international auditing bodies. The SOC 1 report audit confirms that EdgeWave’s infrastructure and environment are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is ongoing and we plan to continue our process of periodic audits. This audit replaces the Statement on Auditing Standards No. 70 (SAS 70) Type II report.

SOC 2: In addition to the SOC 1 report, EdgeWave publishes a Service Organization Controls 2 (SOC 2), Type 2 report. This report is similar to the SOC 1 in the evaluation of controls. The SOC 2 report is an audit report that expands the scope of the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls in the areas of security, availability, processing integrity, confidentiality, and privacy applicable to service organizations such as EdgeWave. The EdgeWave SOC 2 is an audit of the design and operating effectiveness of controls that meet the criteria for the security principles set forth in the AICPA’s Trust Services Principles criteria. This report provides another layer of transparency into EdgeWave’s security based on a pre-defined industry standard of leading practices and further demonstrates EdgeWave’s commitment to protecting customer data. In 2013 EdgeWave completed this audit with a 100 percent regulatory compliance rating. The CPA firm conducting the audit found zero defects in the security and privacy environment surrounding our customers’ data.

Additional Compliance Resources

HIPAA: EdgeWave has a number of healthcare customers who use our security solutions and are compliant with HIPAA’s Security and Privacy Rules. EdgeWave provides the security controls that help our customers secure their electronic health records.

Review: EdgeWave has invested in the infrastructure, systems, policies and procedures necessary to protect our customers’ data. The evaluation of this environment by an independent third party auditor, using internationally recognized criteria specific to service organizations, confirms that this data is handled with the utmost attention to security, privacy, and confidentiality.