New Podcast
Managing Traffic During Peak Demand; Plus, Microsoft, Akamai Outages

News

ThousandEyes Privacy in Practice: ISO 27018 and ISO 27701 Certifications

By Ryan Hogan
| | 3 min read

Summary

ThousandEyes has completed a third-party evaluation of our Software-as-a-Service application and practices for ISO 27701 and ISO 27018.


ThousandEyes has always been committed to showing our employees, customers, vendors, and other third parties that we respect individuals’ privacy rights and expectations, and we first started external testing of our privacy program through TrustArc’s privacy certification back in 2013.

Ever since then, we have been working to continue to refine and enhance our privacy management program to ensure we respect the privacy of individuals and properly protect personal data through compliance with programs like Safe Harbor, Privacy Shield and addressing GDPR and CCPA requirements. For some time, we have been working to align our program with the ISO Standards for protecting personal information, and now we have successfully demonstrated its compliance and received the ISO 27018 and ISO 27701 Processor certifications.

ISO 27018 is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors. Our ISO 27701 Processor certification goes a step further and expands the requirements guidelines for managing privacy information. 

In the privacy world, a processor is a person or organization that processes PII on behalf of and in accordance with the instructions of another person or organization. In our case, ThousandEyes is processing the PII on behalf of our customers as part of the ThousandEyes service. An overview of the PII we process is provided in the Privacy Data Sheet and additional information of how we protect it is described in the ThousandEyes Security and Privacy brief.

In general, we have expanded the ISO 27001 Information Security framework to include privacy considerations and work to continually improve both privacy and security of information. We have also incorporated privacy into the various information security controls from things like policies to operational security and business continuity. The ISO 27701 Processor certification also tested our adherence to guidance in the areas of:

  • Conditions for collection and processing of PII
  • Obligations to PII principals
  • Privacy by design and privacy by default
  • PII sharing, transfer, and disclosure

ThousandEyes will continue to maintain certification with U.S.-EU and U.S.-Swiss Privacy Shield frameworks. We will also seek to continue to expand our privacy program, so stay tuned for further announcements as we continue to demonstrate to our employees, customers, vendors, and other third parties that for ThousandEyes, privacy is a priority.

If you have questions regarding our privacy policy or practices, please contact us at privacy@thousandeyes.com

Subscribe to the ThousandEyes Blog

Stay connected with blog updates and outage reports delivered while they're still fresh.

Upgrade your browser to view our website properly.

Please download the latest version of Chrome, Firefox or Microsoft Edge.

More detail