As cloud adoption continues to grow, it’s critical businesses stay compliant with global regulations. We’ll show you our commitment to compliance, starting with the underlying platform and embedding regulatory guidelines in its core features.
With the rapid expansion and adoption of cloud technologies, compliance and privacy have become increasingly vital. Cloud providers like AWS, Azure and Google Cloud Platform all vouch for their level of security, privacy and compliance when it comes to customer data.
Why platform compliance?
With the ever-growing VMware cloud services portfolio, being and staying compliant with global regulations is more important than ever before.
While each individual cloud service has its own list of compliance certifications and attestations, meeting numerous applicable regulations, compliance starts with the underlying platform and embedding regulatory guidelines in its core features.
How do we do this?
The VMware Cloud Services Engagement Platform Privacy and Compliance Program starts with you, our customer, in mind. We begin with your needs to ensure your business runs on a platform showing commitment to comply with applicable regulations.
We then look at global and other industry-specific compliance standards, guidelines and applicable privacy regulations, to use them as our guiding principles in every feature we deliver.
Privacy by Design was one of our guiding rules from the day the platform was born. VMware employs security and privacy experts throughout the company, working collectively to build programs, policies and practices designed to proactively embed privacy principles in our products and services. These programs are continuously reviewed and evolve based on our experiences, changes in the threat landscape and privacy regulations, customer needs, and industry observation and collaboration.
Regulations and regulatory frameworks we use as guiding principles in the VMware Cloud Services Engagement Platform:
Global | Privacy | Accessibility |
ISO 27001 | GDPR (including our Binding Corporate Rules) | WCAG |
ISO 27017 | CCPA | Section 508 |
ISO 27018 | | |
SOC 2 | | |
Not only do we take these principles into our platform design, but we go further: we’ve obtained official third-party certificates and attestations to prove to our customers CSEP’s dedication to complying with regulatory guidelines.
VMware Cloud Services Engagement Platform (CSEP) Global Certifications and Attestations
Standard | Description | Benefits to our customers |
ISO 27001 | International Organization for Standardization (ISO) 27001 is a global standard for Information Security Management Systems (ISMS). It provides guidelines on taking a systematic approach to handling information security risks, threats, vulnerabilities and impacts. As per ISO 27001, ISMS applies to people (personnel), processes, as well as IT systems. | We systematically review our processes and systems against risks and vulnerabilities. We approach ISMS holistically and employ security standards in every feature we deliver. Being certified against ISO 27001 international standards proves CSEP’s commitment in the space of security and aligns with customer requirements. CSEP received ISO 27001 certification from the independent third-party auditor, Schellman. |
ISO 27017 | ISO 27017 provides global information security controls and implementation guidelines for cloud services specifically. | Thanks to our ISO 27017 certification, you know what our ongoing commitment level towards cloud computing security is. CSEP received ISO 27017 certification from the independent third-party auditor, Schellman. |
ISO 27018 | ISO 27018 is a global set of standards on handling Personally Identifiable Information (PII) for the public cloud computing environment. | The ISO 27018 certificate shows CSEP’s ongoing commitment to protecting personal data through system-level controls. The ISO 27018 certificate demonstrates that processes and controls are in place to address, manage and reduce identified risks. CSEP received ISO 27018 certification from the independent third-party auditor, Schellman. |
SOC 2 | System and Organization Controls (SOC) 2 was developed by the American Institute of Certified Public Accountants (AICPA) to provide a governing framework and controls on security, availability, processing integrity, confidentiality and privacy. | The SOC report provides an independent third-party assessment of CSEP’s implementation of the Security, Availability and Confidentiality principles. Rest assured we take best measures to ensure we satisfy SOC 2 standards. Being compliant with SOC 2 Type 1 standards ensures procedures and controls are in place to securely enable reliable services. CSEP’s SOC 2 Type 1 compliance has been attested by independent third-party auditors, Schellman. |
External resources: