Knowing the standards. Implementing with ease
Our compliance department works with independent auditors and third-party organizations to meet the industry’s most stringent guidelines and to provide you with reports and information for your compliance needs.
The physical and virtual controls of our facilities, network, and customer portal are an extension of your own, and we make it easy for you to get the information you need for your audits.
You secure your infrastructure using your own internal controls and rely on us to do the same.
Independent and Precise Controls
We meet the industry’s strictest guidelines because our checks are exacting and we work with all independent auditors and organizations.
Our compliance reports are made available to all customers via the client’s portal.
DWTI provides SOC 1, SOC 2, and SOC 3 reports. These reports evaluate DWTI’s operational controls on criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for service providers such as DWTI to safeguard their customers’ data and information.
Customers may download the current DWTI SOC 1 and SOC 2 reports from the customer portal or contact our sales team. Our SOC 3 report is available for general use and can be accessed here: DWTI SOC 3 Report.
ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems and provides a systematic approach to managing company and customer information based on periodic risk assessments. The latest standard, ISO/IEC 27001:2013, was published on September 25, 2013, by the International Standardization Organization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.
In order to achieve ISO 27001:2013 certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This standard emphasizes the measurement and evaluation of how well an organization’s Information Security Management System (ISMS) is performing, and also includes a controls-based system for information security, along with other requirements.
The DWTI platform is audited by a third-party security firm and meets all requirements of ISO 27001 in every assessed data center: DWTI ISO 27001:2013 Certificate of Registration.
ISO 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO 29100 for the public cloud computing environment.
In particular, ISO 27018:2014 specifies guidelines based on ISO 27002, taking into consideration the regulatory requirements for the protection of PII, which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
The DWTI platform is audited by a third-party security firm and meets all requirements of ISO 27018: DWTI ISO 27018:2014 Certificate of Registration.
Federal Trade Commission
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Cloud Security Alliance – STAR Registrant
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. One of the mechanisms the Cloud Security Alliance uses in pursuit of its mission is the Security, Trust, and Assurance Registry (STAR)—a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
If you store or process credit card data, then PCI Compliance and network security are of primary concern to your business. To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA).
We help our customers meet their PCI compliance needs by providing an Attestation on Compliance from an independent QSA. The Attestation on Compliance can be used in conjunction with our SOC 2 report and ISO 27001 certification to demonstrate that the infrastructure meets the PCI controls. Customers and their auditors can use our reports to verify that the PCI controls that are DWTI’s responsibility are met.
For more information about, and assistance in achieving, certifying, and maintaining, PCI compliance for your DWTI environment, please contact our sales team.
The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The DWTI cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side.
For more information about, and assistance in achieving, certifying, and maintaining, HIPAA compliance for your DWTI environment, please contact our sales team.
EU Model Clauses
DWTI offers its customers the ability to choose precisely where to locate data, with data centers on five continents. For customers who wish to transfer data originating in the European Economic Area to a country outside the EEA, DWTI offers European Model Clauses in the form approved by the European Commission and European Union’s data protection authorities. The European Model Clauses guarantee European customers that DWTI supports the necessary data privacy protections in every location on the globe. For more information and delivery of the EU Model Clauses for your DWTI environment, please contact our sales team.
Note Regarding Safe Harbor: On October 6, 2015, the EU Courts invalidated the Safe Harbor program. If you are a prospective DWTI EU/EEA customer, or are a current customer and have previously relied on DWTI’s Safe Harbor certification, we offer the standard European Model Clause agreement approved by the European Commission for transfers of personal data from Europe to the United States. More Information: IBM Statement on Safe Harbor Ruling