Many businesses now face mandates to maintain and demonstrate proper control and safeguards when handling electronic data. Industry-specific regulations to impose confidentiality, industry portability, and preservation of records force many organizations to implement processes to support data backup and recovery objectives.
To support customers, IBackup continues to maintain high compliance standards relating to security, confidentiality, availability, data privacy, safekeeping and access.
SOC 2 Type 2
IBackup has proudly achieved SOC 2 Type 2 certification through a rigorous evaluation conducted by an independent third-party auditing firm. SOC 2, developed and administered by the American Institute of Certified Public Accountants (AICPA), serves as an essential audit process to assess technology companies and pertains to security, availability and privacy aspects of the company. This certification validates that our cloud backup and storage solutions, as well as our policies and procedures, adhere to industry-leading standards for safeguarding customer data and account information.
A third-party organization audited IBackup's ability to securely manage any business data. It followed SSAE 18 to evaluate IBackup's commitment to security and privacy. Statement on Standards for Attestation Engagements or SSAE establishes standards/controls, with the current version being SSAE21. IBackup has completed the necessary audits and possesses supporting documentation demonstrating compliance with the standards outlined by SSAE 18.
More information on how IBackup assists its customers comply with different regulatory standards can be found on IBackup's Compliance Page.
IBackup Security
IBackup addresses data security and privacy concerns by employing a robust security model that includes encrypted data transmission and storage, restricted physical access, and password protection safeguards among its several layers of security measures used to protect customer data.
Data Privacy Framework Program
The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were established to streamline transatlantic commerce. These frameworks offer U.S. organizations dependable mechanisms for personal data transfers from the European Union / European Economic Area, the United Kingdom (including Gibraltar), and Switzerland to the United States, ensuring consistency with EU, UK, and Swiss law. An organization needs to self-certify its commitment to the DPF Principles with the ITA. This involves being listed on the Data Privacy Framework List, which the ITA updates yearly based on organizations' annual re-certification submissions.
Swiss-US Privacy Framework
IDrive aligns with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as established by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. IDrive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Transmission
IBackup data is encrypted and deployed in top tier data centers certified for SOC 2, ISO 27001 and PCI-DSS. These data centers provide Service Organization Control (SOC) approved data protection services. All transmitted data is automatically verified each time a backup takes place.
Storage/encryption
Data files are encrypted on transfer and stored using AES 256-bit encryption. Data resides on RAID-protected industry leading NAS/SAN storage devices with multiple levels of redundancy and is available for online restores 24/7.
Encryption based on a private encryption key ensures data stored on IBackup servers cannot be decrypted by anybody other than you and your authorized personnel. Private encryption keys are never stored or escrowed on IBackup servers as is.
Access
Data access is restricted by password and private key authentication. Our security protocols include two-factor authentication settings, enhancing the protection of your account. All access to the stored data is documented and time/date stamped. Detailed reporting gives regulators a clear idea of the chain of custody of the stored information, and rapid access, should it be required.
Physical access to the vaults and the data center housing IBackup servers is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized physical access to IBackup servers.
Password Protection
Account passwords are never stored or transmitted to IBackup in plain text.
While IBackup meets several technical safeguards for maintaining data security, full compliance with specific regulatory requirements is not guaranteed by simply implementing IBackup solutions. It is important that organizations consult with their legal counsel to ensure applicable compliance regulations are satisfied.