A trusted third party vendor
Third party management
When choosing any third party service provider to handle your data, whether personal data or business confidential information, it is imperative that you consider the security of your data. By choosing a secure provider, you minimize the future risk associated with potential data breaches and take another step towards avoiding the reputational or financial damage that accompanies any data security event.
All together more cyber resilient
Many cyber incidents, such as Kaseya, SolarWinds, Citrix and CrowdStrike, show the interdependencies of today’s world. Chain dependency means that we are only as strong as our weakest link. NIS2 (Network and Information Security 2), DORA (Digital Operational Resilience Act) for the financial industry, the CRA (Cyber Resilience Act) and other regulations aim to achieve a high common level of cybersecurity in the EU so that we become more cyber resilient together. NIS2 is an EU-wide legislative act which establishes cybersecurity risk management measures and reporting requirements for an expanded list of essential and important industries and their suppliers. All these regulations are very positive, as they force companies to think proactively about cyber security and resiliency.
How to prove you are NIS2 ready and compliant?
Meeting stringent security standards gives a customer confidence in a data recovery provider: it shows that the provider is the choice of many high-level global customers and clients who recognize the need for the highest level of expertise in the field. Corporations with rigorous vendor onboarding processes choose providers on their skills, proficiency and reputation in the field. Meeting and understanding the security requirements of such clients gives other potential clients the knowledge that their provider is at the top of its field.
At the moment there is no official certification for NIS2. Looking at certification, we can identify three kinds:
- Process certification, such as ISO 27001 and NEN7510
- Control / outcome certification, such as SOC2
- Personnel certification, such as CISSP, CISM etc.
ISO27001 is the global standard for setting up and operating an ISMS (information security management system). This certification mandates specific requirements before an organization can be labelled as ISO27001 compliant. To be compliant, firms must design and implement a comprehensive suite of information security controls and technical and organizational measures, systematically examine the organization's information security risks, and employ a management process to ensure that the implemented security controls continue to meet security needs. By ensuring your chosen provider holds the ISO27001 certification, you as the client are ensuring your data is handled and protected according to these stringent security standards.
Security credentials such as SOC2 provide you, as a data recovery client, with assurance that the service provider has been independently audited, giving information and assurances about the controls relevant to the security of the systems used to process your sensitive data. This is especially important for a business client who needs to consider and comply with industry standards, because it demonstrates to regulators that you have chosen a reputable and secure data recovery service. For an individual, it adds a level of assurance surrounding the privacy of any sensitive personally identifiable information that may be contained on the storage device.
If we compare the domains of ISO27001 with those of NIS2, we see that NIS2 puts a lot more emphasis on third party management.
Trust and Confidence
By taking data and information security seriously, and by ensuring compliance with certifications such as those listed above in this article, you as a client can trust your chosen provider. These recognized standards allow you to feel secure and confident while working in an industry where the confidentiality of data is paramount.
Information security culture at KLDiscovery Ontrack
Given the nature of our business, our clients entrust us with large amounts of sensitive and confidential information, and we understand that security is increasingly imperative for today’s corporations. We invest significant time and money to protect your most sensitive ESI (electronically stored information). KLDiscovery Ontrack holds many of the best-known security credentials, including ISO27001 and SOC2.
KLDiscovery Ontrack serves a wide variety of industries globally, and some of them have their own regulation and legislation, such as HIPAA, DORA and TISAX. Often these have overlapping requirements. KLDiscovery Ontrack is dedicated to being compliant with what our global customers need. We completed an independent audit resulting in a certification of compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which also covers the Health Information Technology for Economic and Clinical Health Act (HITECH).
A whole team works on answering infosec-related inquiries from customers and auditors. Infosec is also a vital part of our own vendor onboarding process. All of this demonstrates that we have a strong information security culture and proves our dedication to a high common level of cybersecurity.
A trusted third party vendor.