General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) gives EU individuals more freedom to say how their personal data is handled and creates an opportunity for Ivanti to better serve our customers and reaffirm that we are dedicated to data protection.
We’ve carefully reviewed the requirements set by the GDPR, and are actively improving our products, reviewing internal systems and processes, and verifying contracts to comply with the GDPR mandates. For example, we are looking at all the places our employee, customer, and prospect personal data is stored. We are reviewing how that information comes into our systems, how it is secured while it is in our care, how we ensure that only authorised individuals have access to that data, and how we securely handle data retention and deletion.
We are taking the same close look at how our products handle and secure personal data when they are deployed to support our customers’ environments, whether on-premises or in the cloud, and will soon be providing best practise recommendations for using our products in GDPR-compliant environments.
If you have more questions about how Ivanti meets GDPR compliance, please reach out to [email protected] If you’d like to know how our products can help you prepare for GDPR, please visit our website: https://www.ivanti.com/solutions/needs/simplify-gdpr-compliance.
Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. (Statement taken from https://www.privacyshield.gov/welcome)
Ivanti obtained EU-U.S. and Swiss-U.S. Privacy Shield certification on December 14, 2018.
Service Organisation Control 2
Service Organisation Control 2 (SOC 2) helps businesses attest that they provide non-financial reporting controls that meet certain levels of service related to the security, availability, processing integrity, confidentiality, and privacy of a system.
For Ivanti, Armanino LLP conducted this attestation of compliance. The attestation report describes Ivanti’s Cloud Service Platform (CSP) system, assesses the fairness of the CSP’s description of its controls, and evaluates whether the controls are appropriately designed and operating effectively over the specified assessment period. The most recent audit occurred in November of 2018 for Ivanti Service Manager.
International Organisation for Standardisation (ISO) & International Electrotechnical Commission (IEC)
The ISO and IEC provide standards that help customers deploy and automate IT solutions with processes that align with the Information Technology Infrastructure Library (ITIL).
Ivanti Service Manager has been found in general compliance with the standards outlined by the ISO and IEC, as stated in the audit plan.
Ivanti Service Manager has received an official FedRAMP Authorised designation!
The Federal Risk and Authorization Management Programme (FedRAMP) is a United States Government-wide programme that provides a standardised approach to security assessment, authorization, and continuous monitoring for cloud-based services. Ivanti’s ATO (authority to operate) designation can be found on the FedRAMP Marketplace.
Please see our press release for more information: https://www.prnewswire.com/news-releases/ivanti-service-manager-achieves-fedramp-authorised-designation-300968005.html.
Section 508 standards are the technical requirements and criteria used to measure conformance to the U.S. Rehabilitation Act. This federal law requires agencies and companies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities. More information on Section 508 can be found at Section508.gov.
The following Ivanti products have been deemed 508 compliant through self-attestation: Application Control, Asset Manager, Endpoint Manager, Environment Manager, File Director, Insight, Patch for Windows, Performance Manager, Service Manager, and Workspace Manager.
U.S. Federal Government Agency Authorization to Operate (ATO)
Authorization to Operate (ATO) is the security approval required to launch a new IT system in the federal government. Government agencies determine whether to grant an information system authorization to operate for a period of time by evaluating if the security risk is acceptable.
Ivanti has received ATOs from the Air Force, Army, Department of Defence (DoD), Defence Health Agency (DHA), Department of Homeland Security (DHS), National Guard, Navy, Pacific Air Forces (PACAF), United States Special Operations Command (SOCOM), and U.S Strategic Command (STRATCOM).