Pipefy Announces GDPR and LGDP Compliance
Pipefy, the no-code workflow automation platform that empowers doers and transforms the way teams work, announced that it is fully compliant with the rules mandated by the General Data Protection Regulation (GDPR), the European Union’s new regulatory framework for data privacy and protection as well as Lei Geral de Protecao de Dados (LGDP), Brazil’s data privacy law that was modeled after that of the EU. The company will comply with the GDPR and LGDP across all their worldwide clients, to preserve and secure all personal data.
“Our clients’ privacy and security are at the heart of everything we do at Pipefy,” said Alessio Alionço, Founder and CEO at Pipefy. “We welcome GDPR and LGDP’s more stringent data protection and privacy standards. As a trusted technology partner to over 3,000 organizations worldwide, we are committed to support our customers’ individual rights and ensure best practices all while handling personal data safely and securely.”
Recommended AI News: Atos to Assist Federal Government Agencies to Take Full Advantage of Artificial Intelligence
The announcement represents the culmination of more than a year’s worth of work by Pipefy’s Security and Data Teams to complete a series of data privacy and security compliance protocols. In June the company announced it had achieved the International Organization for Standardization (ISO) 27001:2013 certification for its Information Security Management System (ISMS) to support global customers using its Business Process Management Platform.
Pipefy has been focused on providing security at scale for their customers since the company was founded in 2015. The ‘people first’ company believes in data security and security monitoring for all, from single users to enterprise. Pipefy platform security features include:
- Permissions and Authentifications: Access to customer data is limited to authorized employees only.Pipefy’s environment is protected by having Single Sign-on (SSO), Multi-Factor Authentication (MFA), and strong password policies on their code repository, email provider, and storage warehouse platform. Pipefy’s platform, developers’ site, and help site are delivered 100% onto HTTPS.
- Disaster Recovery and Fail Over: All infrastructure and data are spread across 3 availability zones and will continue to work without issue if any one of their data centers fails.
- Back-Ups and Monitoring: Audit logs for all activity on the platform, using a secure platform for analysis and archival purposes. Active monitoring and backups in place to recover information in the event something happens within our environment.
- Encryption: All data within Pipefy is encrypted in transit and at rest using 256-bit encryption, which provides a better and more secure service.
- Pentest and Vulnerability Scanning: Security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised on these scans, when applicable, and performs regular penetration tests on the application and infrastructure.
- Incident Response: Strict protocol for handling security events which includes escalation procedures, rapid mitigation, and postmortem.
- GDPR/LGDP: Security and compliance protocol for data protection
- SOC 2: (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality of a cloud service. SOC 2 is expected in Q3 2021.
Recommended AI News: Perfecto by Perforce Delivers New Fast Path to Digital Quality, the Latest in a Historic Year
“In the first half of 2021, 118.6 million people were impacted by data breaches, data exposures and data leaks,” said Ananth Avva, President and COO at Pipefy. “Three of the 10 largest breaches occurred at technology companies. SaaS companies, like Pipefy, have a responsibility to keep our customers’ data secure. As an organization we are in constant pursuit of alleviating any rising fears stemming from privacy policy concerns.”
According to the GDPR website, the General Data Protection Regulation is the toughest privacy and security law in the world. It’s policies, which were put into effect in May 2018, impose obligations onto organizations targeting or collecting data related to people in the EU. GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
Recommended AI News: Jvion Launches Clinical AI On The Innovaccer Health Cloud
Comments are closed.