Many businesses now face mandates to maintain and demonstrate proper control and safeguards when handling electronic data. Industry-specific regulations to impose confidentiality, industry portability, and preservation of records force many organizations to implement processes to support data backup and recovery objectives.
To support customers, IDrive® continues to maintain high compliance standards relating to security, confidentiality, availability, data privacy, safekeeping and access.
IDrive® has proudly achieved SOC 2 Type 2 certification through a rigorous evaluation conducted by an independent third-party auditing firm. SOC 2, developed and administered by the American Institute of Certified Public Accountants (AICPA), serves as an essential audit process to assess technology companies and pertains to security, availability and privacy aspects of the company. This certification validates that our cloud backup and storage solutions, as well as our policies and procedures, adhere to industry-leading standards for safeguarding customer data and account information.
A third-party organization audited IDrive's ability to securely manage any business data. It followed SSAE 18 to evaluate IDrive's commitment to security and privacy. Statement on Standards for Attestation Engagements or SSAE establishes standards/controls, with the current version being SSAE21. IDrive® has completed the necessary audits and possesses supporting documentation demonstrating compliance with the standards outlined by SSAE 18.
More information on how IDrive® assists its customers comply with different regulatory standards can be found on IDrive's Compliance Page.
IDrive® addresses data security and privacy concerns by employing a robust security model that includes encrypted data transmission and storage, restricted physical access, and password protection safeguards among its several layers of security measures used to protect customer data.
The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were established to streamline transatlantic commerce. These frameworks offer U.S. organizations dependable mechanisms for personal data transfers from the European Union / European Economic Area, the United Kingdom (including Gibraltar), and Switzerland to the United States, ensuring consistency with EU, UK, and Swiss law. An organization needs to self-certify its commitment to the DPF Principles with the ITA. This involves being listed on the Data Privacy Framework List, which the ITA updates yearly based on organizations' annual re-certification submissions.
IDrive® aligns with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as established by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. IDrive® has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
IDrive® data is encrypted and deployed in top tier data centers certified for SOC 2, ISO 27001 and PCI-DSS. Data is encrypted and securely transmitted to IDrive® servers residing at world-class data centers. These data centers provide Service Organization Control (SOC) approved data protection services. All transmitted data is automatically verified each time a backup takes place.
Data files are encrypted on transfer and stored using AES 256-bit encryption. Data resides on RAID-protected industry leading NAS / SAN storage devices with multiple levels of redundancy and is available for online restores 24/7.
Encryption based on a private encryption key ensures data stored on IDrive® servers cannot be decrypted by anybody other than you and your authorized personnel. Private encryption keys are never stored or escrowed on IDrive® servers as is.
Data access is restricted by password and private key authentication. Our security protocols include two-factor authentication settings, enhancing the protection of your account. All access to the stored data is documented and time/date stamped. Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required.
Physical access to the vaults and the data center housing IDrive® servers is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized physical access to IDrive® servers.
Account passwords are never stored or transmitted to IDrive® in plain text.
While IDrive® meets several technical safeguards for maintaining data security, full compliance with specific regulatory requirements is not guaranteed by simply implementing IDrive® solutions. It is important that organizations consult with their legal counsel to ensure applicable compliance regulations are satisfied.