COMPLIANCE STANDARDS

Code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. 

Egnyte is a PII processor that complies with the applicable obligations of ISO/IEC 27018:2019 for its Information Security Management System and privacy protection.

Egnyte is SOC 2 SSAE 18 Type 2 compliant, ensuring that we securely manage your data to protect your organization's interests and all clients' privacy. An independent auditor issued the SOC 2 attestation report, which assessed our compliance with selected Trust Services criteria.

The SOC 2 report is intended to provide users with information that may be useful when assessing the risks arising from interactions with Egnyte’s system. Specifically, this report refers to the examination of a service organization’s description of its system, design, and controls operating effectiveness relevant to security, availability, processing integrity, and confidentiality to meet the criteria related to security, availability, processing integrity, and confidentiality outlined in 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

As part of a wider effort to protect its supply chain and the Defense Industrial Base (DIB) against cybersecurity threats, the U.S. Department of Defense plans to implement the Cybersecurity Maturity Model Certification (CMMC 2.0). 

In December 2023, the US DoD issued a Proposed Rule for CMMC 2.0, which confirmed its planned 2025 implementation date. The rule was also codified when CMMC 2.0 became a formal DoD contractual requirement.

Egnyte has a secure and controlled environment for CUI, with built-in workflows to fast-track CMMC certification requirements. Its secure data enclave satisfies many CMMC requirements by default. The solution also includes proven data governance capabilities and the optional ability to discover CUI/FCI in third-party repositories.

For customers who need to comply with the minimum cybersecurity standards set by DFARS, Egnyte has the necessary controls to meet the NIST 800-171 requirements by implementing the ISO27001 controls.

Egnyte provides our customers with a mapping based on NIST 800-171 Appendix D tables.

Egnyte’s commitment to security and confidentiality for customer data has not changed under CCPA. Your business may use our services platform under our applicable terms of service. 

Customers should consult with their advisers to ensure they meet their obligations under CCPA.

Read this FAQ for more information.

The CPRA expands the rights granted to California consumers under the CCPA and introduces new privacy rights.

Read this FAQ for more information.

Egnyte is committed to data sovereignty by directing that all European customer data and metadata be stored solely within European-based cloud repositories, ensuring compliance with the laws and standards of the country in which the data resides. EU data stays in the EU.

Egnyte complies with the General Data Protection Regulation (GDPR) requirements, and we help organizations meet their own GDPR data privacy obligations. Customers in the EU and globally can use Egnyte as a content management and governance platform to help implement their GDPR compliance program.

Egnyte’s customer base enjoys the robust protections offered under Egnyte’s Data Protection Addendum, which may be found at the following link: https://www.egnyte.com/data-protection-addendum (the “DPA”). Among other things, the DPA: i. recites critical provisions of GDPR that Egnyte follows, ii. attaches and incorporates Standard Contractual Clauses adopted in the EU (the “SCCs”), and iii. describes essential data security procedures employed by Egnyte to protect customer data.

Additional details regarding Egnyte’s privacy-first approach can be found in our online Privacy Policy at the following link: https://www.egnyte.com/privacy-policy. Note: through early 2022, Egnyte had been annually certifying to the EU–US Privacy Shield Framework. However, especially in light of the Court of Justice for the European Union’s decision from July 2020 in the “Schrems II” case and Egnyte’s timely adoption of the SCCs, Egnyte determined that a recertification for 2022-23 was unwarranted.

Egnyte offers a specialized, life sciences-focused platform with features meeting the 21 CFR Part 11 and Annex 11 requirements*. 

In conjunction with a platform-specific validation package, customers can implement this specialized solution in regulated environments (e.g., environments that need to meet GxP requirements).

Our industry-focused software is continuously validated to ensure its key features relevant to high-stakes use cases, such as reviewable audit trails, data integrity tools, access control, and e-signature capabilities meet regulatory requirements.