Below are frequently asked questions on the measures we take for Data Security & Privacy:
- Does PointCross comply with data privacy regulations?
- Yes, PointCross complies with the EU GDPR, CalOPPA (California Online Privacy Protection Act) and COPPA (Children's Online Privacy Protection Act).
- How does PointCross comply with data privacy regulations?
- The PointCross Operations & Development centre is an ISO/IEC 27001:2013 certified organization, driven by data security practices that ensure the Confidentiality, Integrity and Availability of data. We have standardized logical and physical controls in place as part of our governance structure. Other procedural practices within our governance mechanism ensure that our employees receive ongoing training on data security and privacy, that an incident management procedure handles any security or privacy incident, that data is accessed only through authorized user accounts, and that our GxP products/solutions comply with regulatory requirements.
- We also include and abide by the contractual obligations required by regulations such as the EU GDPR.
- How is the data stored and accessed by the PointCross application and its users (eDataValidator over AWS, SaaS SIMT, XBIOM™ SaaS)?
- All data uploaded by users to a PointCross-provided application on SaaS servers remains under the management of the data controller while in use. PointCross access to the application is restricted to troubleshooting if the need arises; such access is granted and covered under the data sharing/data protection agreements with the respective customers.
- Does PointCross read, use, analyse or share any PII (Personally Identifiable Information) stored within the data domains?
- How does PointCross ensure that data privacy is handled by service providers such as AWS?
- Our terms of service with AWS include an agreement on data protection as required by the EU GDPR. For additional details, please click here (refer to clause number 83).
- Does your cloud solution provider warrant a Business Continuity Plan and an Incident Response Plan?
- Yes. Please click here for more details.
- Does PointCross have a Data Deletion process?
- Yes, PointCross has a Data Deletion process as part of our operational governance structure. Our procedure sets out the steps PointCross takes on a specific request from a customer, or any action to be performed as described in the respective customer agreements.
- What measures does PointCross provide to ensure application-level security?
- The hosted solution is accessed over a secure network using SSL, so all communication between client and server is encrypted.
- Application access is granted only after successful authentication, using either native authentication or Active Directory based SSO.
- Access to application modules is role based: permissions are granted according to the assigned roles.
- Security hardening is implemented by controlling access permissions to the various components of the application.
- Access control at the perimeter or gateway opens only a specified set of network ports; e.g., HTTPS (443) is the only network port accessible for the application.
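The role-based access to application modules described under application-level security, shown as an added example. This is not PointCross code and says nothing about how the PointCross products implement it; the role names, module names, actions and audit-line format are constructed for illustration. The point it demonstrates is deny-by-default evaluation: an authenticated user with no roles, an unknown role name, or an unknown module all resolve to a denial rather than an error or an accidental grant.

```python
"""Deny-by-default, role-based module authorization (added example, not PointCross code).

Models the FAQ statement that access to application modules is role based, with
permissions granted per assigned role. Roles, modules and actions are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed permission model: role -> module -> set of allowed actions.
ROLE_PERMISSIONS: dict[str, dict[str, frozenset[str]]] = {
    "viewer": {"validator": frozenset({"read"})},
    "analyst": {"validator": frozenset({"read", "run"}), "reports": frozenset({"read"})},
    "admin": {
        "validator": frozenset({"read", "run", "configure"}),
        "reports": frozenset({"read", "export"}),
        "user-management": frozenset({"read", "write"}),
    },
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset[str] = field(default_factory=frozenset)  # empty = authenticated, no roles


def effective_permissions(user: User) -> dict[str, frozenset[str]]:
    """Union of permissions across every role assigned to the user.

    Roles absent from ROLE_PERMISSIONS contribute nothing, so a mistyped or
    retired role name cannot grant access.
    """
    merged: dict[str, set[str]] = {}
    for role in user.roles:
        for module, actions in ROLE_PERMISSIONS.get(role, {}).items():
            merged.setdefault(module, set()).update(actions)
    return {module: frozenset(actions) for module, actions in merged.items()}


def is_authorized(user: User, module: str, action: str) -> bool:
    """Deny by default: True only if some assigned role grants `action` on `module`."""
    return action in effective_permissions(user).get(module, frozenset())


def audit_decision(user: User, module: str, action: str) -> str:
    """One-line audit record of the access decision (constructed log format)."""
    verdict = "ALLOW" if is_authorized(user, module, action) else "DENY"
    return (f"authz {verdict} user={user.name} module={module} "
            f"action={action} roles={sorted(user.roles)}")


if __name__ == "__main__":
    alice = User("alice", frozenset({"analyst"}))
    bob = User("bob")  # authenticated but no roles assigned
    checks = [
        (alice, "validator", "run"),          # granted by analyst role
        (alice, "validator", "configure"),    # admin-only action -> DENY
        (bob, "validator", "read"),           # no roles -> DENY
        (alice, "unknown-module", "read"),    # module not in any role -> DENY
    ]
    for user, module, action in checks:
        print(audit_decision(user, module, action))
```

Every decision passes through `is_authorized`, so adding a module or action means adding it to a role's permission set; nothing in the code path can grant access to a module that no role names.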