COMPLIANCE STANDARDS

Privacy and Data Protection

Egnyte maintains compliance with the strictest standards to ensure privacy and data protection for its customers. Egnyte’s hybrid architecture gives enterprises complete control over where the data resides. As a result, it has been the solution of choice for thousands of customers in highly-regulated industries (e.g., financial services, healthcare) and regulatory environments, such as the E.U.

Standards

INFORMATION SECURITY MANAGEMENT SYSTEM - ISO/IEC 27001

The Egnyte information security management system is ISO/IEC 27001:2013 certified. 

ISO/IEC 27001 is the leading global information security standard, and it outlines the policies and controls organizations use to manage risk and secure their data.

The guidelines for establishing, implementing, and maintaining our information security management system fall under this international standard, which confirms that our products, supporting infrastructure, people, and processes operate within agreed-upon requirements and best practices.

ISO/IEC 27001:2013 – Information Security Management
ISO/IEC 27018:2019 INFORMATION TECHNOLOGY — SECURITY TECHNIQUES

Code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. 

Egnyte is a PII processor that complies with the applicable obligations of ISO/IEC 27018:2019 for its Information Security Management System and privacy protection.

SOC 2 COMPLIANCE

Egnyte is SOC 2 SSAE 18 Type 2 compliant, ensuring that we securely manage your data to protect your organization's interests and all clients' privacy. An independent auditor issued the SOC 2 attestation report, which assessed our compliance with selected Trust Services criteria.

The SOC 2 report is intended to provide users with information that may be useful when assessing the risks arising from interactions with Egnyte’s system. Specifically, this report refers to the examination of a service organization’s description of its system and of the design and operating effectiveness of its controls relevant to security, availability, processing integrity, and confidentiality, measured against the corresponding criteria outlined in the 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

Cyber Essentials

Cyber Essentials is an effective UK government-backed scheme that helps protect Egnyte's clients against various cyber attacks.

Our self-assessment option gives you peace of mind that our defenses will protect you against the vast majority of common cyber attacks.

CMMC 2.0 Compliance

As part of a wider effort to protect its supply chain and the Defense Industrial Base (DIB) against cybersecurity threats, the U.S. Department of Defense plans to implement the Cybersecurity Maturity Model Certification (CMMC 2.0). 

In December 2023, the US DoD issued a Proposed Rule for CMMC 2.0, which confirmed its planned 2025 implementation date. The rule was also codified when CMMC 2.0 became a formal DoD contractual requirement.

Egnyte has a secure and controlled environment for CUI, with built-in workflows to fast-track CMMC certification requirements. Its secure data enclave satisfies many CMMC requirements by default. The solution also includes proven data governance capabilities and the optional ability to discover CUI/FCI in third-party repositories.

Defense Federal Acquisition Regulation Supplement (DFARS Compliance)

For customers who need to comply with the minimum cybersecurity standards set by DFARS, Egnyte has the necessary controls to meet the NIST 800-171 requirements by implementing the ISO 27001 controls.

Egnyte provides our customers with a mapping based on NIST 800-171 Appendix D tables.

Regulations/Privacy

CCPA

Egnyte’s commitment to security and confidentiality for customer data has not changed under CCPA. Your business may use our services platform under our applicable terms of service. 

Customers should consult with their advisers to ensure they meet their obligations under CCPA.

Read this FAQ for more information.

CPRA

The CPRA expands the rights granted to California consumers under the CCPA and introduces new privacy rights.

Read this FAQ for more information.

EU Customers

Egnyte is committed to data sovereignty by directing that all European customer data and metadata be stored solely within European-based cloud repositories, ensuring compliance with the laws and standards of the country in which the data resides. EU data stays in the EU.

Egnyte complies with the General Data Protection Regulation (GDPR) requirements, and we help organizations meet their own GDPR data privacy obligations. Customers in the EU and globally can use Egnyte as a content management and governance platform to help implement their GDPR compliance program.

Egnyte’s customer base enjoys the robust protections offered under Egnyte’s Data Protection Addendum, which may be found at the following link: https://www.egnyte.com/data-protection-addendum (the “DPA”). Among other things, the DPA: i. recites critical provisions of GDPR that Egnyte follows, ii. attaches and incorporates Standard Contractual Clauses adopted in the EU (the “SCCs”), and iii. describes essential data security procedures employed by Egnyte to protect customer data.

Additional details regarding Egnyte’s privacy-first approach can be found in our online Privacy Policy at the following link: https://www.egnyte.com/privacy-policy. Note: through early 2022, Egnyte had been annually certifying to the EU–US Privacy Shield Framework. However, especially in light of the Court of Justice of the European Union’s decision from July 2020 in the “Schrems II” case and Egnyte’s timely adoption of the SCCs, Egnyte determined that a recertification for 2022-23 was unwarranted.

Industry

FDA+EMA

21 CFR PART 11 and EU ANNEX 11

Egnyte offers a specialized, life sciences-focused platform with features meeting the 21 CFR Part 11 and Annex 11 requirements.

In conjunction with a platform-specific validation package, customers can implement this specialized solution in regulated environments (e.g., environments that need to meet GxP requirements).

Our industry-focused software is continuously validated to ensure that its key features relevant to high-stakes use cases, such as reviewable audit trails, data integrity tools, access control, and e-signature capabilities, meet regulatory requirements.

CSA

The Security, Trust, Assurance, and Risk (STAR) Registry

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by Egnyte cloud computing offerings.

STAR encompasses the fundamental principles of transparency, rigorous auditing, and harmonization of standards. Publishing to the registry allows Egnyte to show current and potential customers its security and compliance posture, including the regulations, standards, and frameworks it adheres to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

CSA STAR Program Listing for Egnyte
Financial Services

Egnyte offers services developed to assist customers in regulated industries, such as AEC, financial services, life sciences, and healthcare, in maintaining compliance with regulatory requirements.

As a result, we have invested and continue to invest in developing products intended to meet the stringent needs of these industries, including laws and requirements such as HIPAA, FINRA, and SEC requirements (such as SEC Rules 17a-3 or 17a-4), and GxP “good practice” regulations and guidelines.

Download the Financial Services Security White Paper
HIPAA

HEALTHCARE

Egnyte understands the importance of confidentiality and protecting an individual's Protected Health Information (PHI). 

Egnyte's comprehensive data security enables HIPAA compliance for payer, provider, pharmaceutical, and biomedical businesses.

Download Egnyte HIPAA Statement