Esri Privacy & Security Assurance Advancements

We are kicking off the beginning of the year with some significant privacy & security assurance improvements:

  1. Esri Privacy Shield CompliantAs many of you know, a little over 1 year ago Safe Harbor was found to be inadequate by the European Commission for covering data transfers under EU law.  The US replacement framework, called Privacy Shield, was determined as adequate mid-2016.  Esri is now Privacy Shield self-certified and is listed on the US Dept. of Commerce Privacy Shield website.
  2. Esri General Privacy Statement - The general privacy policy for Esri has been updated to provide further transparency and clarity to be in alignment with our Privacy Shield efforts.
  3. New Products & Services Privacy Statement - Previously, we had a supplemental privacy statement specifically for ArcGIS Online, however, we recognize that our customers deserve stronger privacy assurance across the products and services they purchase from Esri, so we have expanded the supplement significantly to cover items such as ArcGIS Online, Professional Services, and Support.
  4. HIPAA Self-Certified Offering – Customers with Private Health Information (PHI) requiring a HIPAA self-certified implementation of ArcGIS Enterprise might want to check out our HIPAA variation of the Esri Managed Cloud Services offering.  This offering is a HIPAA self-certified offering backed by a Business Associate Agreement (BAA).
  5. Cloud Security Alliance (CSA) Answers – Esri has proudly posted 30 pages for the most common ArcGIS Online security questions to the CSA STAR registry since 2013.  We have recently refreshed the ArcGIS Online answers for the latest revision of the CSA Cloud Controls Matrix (CCM) version 3.0.1.  We have also now posted our answers for Esri Managed Cloud Services Advanced Plus to the CSA STAR registry.
  6. ArcGIS Pro USGCB Self-Certified – With the release of ArcGIS Pro 1.4 we went overboard with a stronger security algorithm then currently approved for FIPS 140-2 compliance.  ArcGIS Pro patch 1.4.1 fixes this issue and was run through USGCB self-certification, so our US government customers can rest assured ArcGIS Pro will work with security hardening constraints in place such as FIPS 140-2.

- The Security Standards & Architecture Team

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply