By Zlatko Unger
Published on March 17, 2022
Is your private data used compliantly? Is it secure and protected from bad actors? Such questions are no longer optional checkboxes. They are imperatives. Indeed, every organization that collects and manages data must ensure responsible data usage and appropriate cybersecurity measures are in place. Otherwise, they run the risk of illegal usage from within or a malicious breach from without.
Alation has earned ISO 27001 and ISO 27701 certifications and a SOC 2 Type II + HITECH report for the Alation Cloud Service platform. These achievements place Alation in an elite group of organizations worldwide that have met the necessary requirements of the International Organization for Standardization (ISO) to meet security and privacy controls, as well as the American Institute of CPAs (AICPA) System and Organization Controls (SOC) controls covering management of security and risk.
A range of organizations, from small businesses to multinational companies, are shifting their business to the cloud. With this shift, opportunities to leverage data more powerfully increase, but so do the risks. Ensuring cloud migration data security is essential. This achievement is a testament to Alation’s commitment to the security and privacy that ensures the controls at Alation meet the growing needs of the business world.
ISO/IEC 27001:2013 is an information security management system standard published in October 2013 by ISO and the International Electrotechnical Commission (IEC).
Alation takes threats to the availability, integrity, and confidentiality of our customers’ information seriously. As such, Alation is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from ISO.
Compliance with this internationally recognized standard confirms that Alation’s security management program is mature, comprehensive, and in step with leading industry best practices. The consequences of overlooking such best practices are grave. The global average cost of a data breach is $4.24 million and has increased 10% in the last year alone.
The scope of our ISO 27001 certification includes the creation and maintenance of Alation (software) and the hosting of Alation on Alation Cloud Service. This certification expands our 2019 certification to now cover Alation Cloud Service.
ISO/IEC 27701:2019 is a privacy information management system standard published in August 2019 by ISO and IEC, and is an extension to the ISO/IEC 27001:2013 ISMS.
Alation is also an ISO/IEC 27701:2019 certified provider, and our Privacy Information Management System (PIMS) has received third-party accreditation from ISO. Alation’s compliance with this global standard demonstrates that our privacy management program is comprehensive and follows industry best practices. The creation and maintenance of Alation and our Alation Cloud Service is within the scope of our ISO/IEC 27701:2019 certification.
Maintaining a rigorous privacy posture is essential to passing compliance audits and avoiding onerous fines. In fact, non-compliant usage of private data costs businesses millions; in 2021, GDPR fines exceeded $1B, representing a sevenfold increase from 2020. The ISO 27701 certification validates Alation’s commitment to data privacy, especially on behalf of our customers, who must comply with privacy regulations such as GDPR and CCPA.
Lastly, Alation has completed SOC 2 Type II + HITECH reporting, which ensures we securely manage data for Alation Cloud Service.
Our SOC 2 Type II report continues our commitment to security and privacy by evaluating the controls’ effectiveness over time. Alation is compliant with all applicable laws, regulations, and standards in the United States and abroad. Our commitment to Health Insurance Portability and Accountability Act (HIPAA) compliance is evidenced in our Health Information Technology for Economic and Clinical Health Act (HITECH) attestation found in our SOC 2 Type II compliance report.
Alation’s continued commitment to protect customer and corporate data is demonstrated through our third-party attestations of compliance reports. Customers and investors can rest assured that our platform has the required controls in place to protect data at all times. Alation treats all customer data as highly confidential and provides the same security and privacy protection on all levels.
At Alation, the tone for security and compliance is set at the top, where Alation’s executive team invests a great deal of time and interest to ensure the continuous and consistent maturity of the security and compliance programs as laws and regulations evolve.
The SOC 2 Type II report and our two ISO certificates fortify our security and privacy to ensure that Alation keeps our customers’ data safe and delivers a product with optimal security controls in place.
In the increasingly complex world of software and online services, companies must demonstrate their commitment and competence with security and privacy. Implementing and maintaining these frameworks give our customers, partners, and employees vital peace of mind—and the confidence that their data is protected, while supporting a level of trust that data is used compliantly by all users within the organization.
Our certificates are available on the security page, whereas our SOC 2 Type II report is available here.