General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) gives EU individuals more freedom to say how their personal data is handled and creates an opportunity for Ivanti to better serve our customers and reaffirm that we are dedicated to data protection.
We’ve carefully reviewed the requirements set by the GDPR, and are actively improving our products, reviewing internal systems and processes, and verifying contracts to comply with the GDPR mandates. For example, we are looking at all the places our employee, customer, and prospect personal data is stored. We are reviewing how that information comes into our systems, how it is secured while it is in our care, how we ensure that only authorized individuals have access to that data, and how we securely handle data retention and deletion.
We are taking the same close look at how our products handle and secure personal data when they are deployed to support our customers’ environments, whether on-premises or in the cloud, and will soon be providing best practice recommendations for using our products in GDPR-compliant environments.
If you have more questions about how Ivanti will be GDPR compliant, please reach out to [email protected]. If you’d like to know how our products can help you prepare for GDPR, please visit our website: https://www.ivanti.com/solutions/needs/simplify-gdpr-compliance.
Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. (Statement taken from https://www.privacyshield.gov/welcome)
As of 8/24/2018 the Privacy Shield team has determined that your organization’s Privacy Shield submission is otherwise complete under The U.S. Department of Commerce | International Trade Administration.
This policy applies to all the personal data that you provide and Ivanti collects through its products, apps, services, websites, events, and other communications such as our marketing efforts. References to Ivanti products in this statement include Ivanti software, apps, services, events, and websites.
* Ivanti sells software, not data. We collect data in order to respond to your inquiries, improve our products and services, support your use of our products, help you use our products more efficiently, market our products and services, and generally perform our contractual obligations.
Service Organization Control 2
Service Organization Control 2 (SOC 2) helps businesses attest that they provide non-financial reporting controls that meet certain levels of service related to the security, availability, processing integrity, confidentiality, and privacy of a system.
For Ivanti, third-party Armanino LLP conducted this attestation of compliance. attestation report describes Ivanti’s Cloud Service Platform (CSP) system and assesses the fairness of the CSP’s description of its controls. It also evaluates whether the CSP’s controls are designed appropriately and operating effectively over the specified assessment period. The most recent audit occurred in November of 2017 for Ivanti Service Manager.
International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC)
The ISO and IEC provide standards that help customers deploy and automate IT solutions with processes that align with the Information Technology Infrastructure Library (ITIL).
Ivanti Service Manager has been found in general compliance with the standards outlined by the ISO and IEC, as stated in the audit plan. A copy of the attestation is available upon request.
Inquiries should be directed to [email protected].