ThousandEyes has always been committed to showing our employees, customers, vendors, and other third parties that we respect individuals’ privacy rights and expectations, and we first started external testing of our privacy program through TrustArc’s privacy certification back in 2013.
Ever since then, we have been working to continue to refine and enhance our privacy management program to ensure we respect the privacy of individuals and properly protect personal data through compliance with programs like Safe Harbor, Privacy Shield and addressing GDPR and CCPA requirements. For some time, we have been working to align our program with the ISO Standards for protecting personal information, and now we have successfully demonstrated its compliance and received the ISO 27018 and ISO 27701 Processor certifications.
ISO 27018 is the code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors. Our ISO 27701 Processor certification goes a step further and expands the requirements guidelines for managing privacy information.
In the privacy world, a processor is a person or organization that processes PII on behalf of and in accordance with the instructions of another person or organization. In our case, ThousandEyes is processing the PII on behalf of our customers as part of the ThousandEyes service. An overview of the PII we process is provided in the Privacy Data Sheet and additional information of how we protect it is described in the ThousandEyes Security and Privacy brief.
In general, we have expanded the ISO 27001 Information Security framework to include privacy considerations and work to continually improve both privacy and security of information. We have also incorporated privacy into the various information security controls from things like policies to operational security and business continuity. The ISO 27701 Processor certification also tested our adherence to guidance in the areas of:
- Conditions for collection and processing of PII
- Obligations to PII principals
- Privacy by design and privacy by default
- PII sharing, transfer, and disclosure
ThousandEyes will continue to maintain certification with U.S.-EU and U.S.-Swiss Privacy Shield frameworks. We will also seek to continue to expand our privacy program, so stay tuned for further announcements as we continue to demonstrate to our employees, customers, vendors, and other third parties that for ThousandEyes, privacy is a priority.