Since inception, protecting the security and privacy of our data has been a top priority for ThousandEyes. Our customers trust us to collect and store information about the performance of the networks and applications they use. Depending on the deployment scenario and specific customer use cases, this could include information from the Internet that constitutes public domain knowledge and/or information from private enterprise networks. As such, we treat all data collected as highly sensitive and have implemented a security program to ensure its confidentiality, integrity, availability and privacy.
We start with a solid management foundation through adoption of the widely recognized and respected ISO/IEC 27001 standard for our information security management system. Our privacy management system is based on the Privacy Shield Framework, which was developed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Jointly, these form the ThousandEyes Unified Security and Privacy Management Framework (USPMF), which is supported by strict policies, standards, technologies and processes. We continually improve our USPMF by implementing additional technical and organizational controls to ensure customer data is always protected with best current practices.
There are a number of laws and regulations that ThousandEyes and our employees comply with:
- ISO/IEC 27001:2013
- FTC regulations
- Privacy Shield
- Bureau of Industry and Security U.S. Department of Commerce requirements
- TRUSTe Privacy Program Requirements
- All other relevant national and local legal, regulatory and contractual requirements
We have implemented a two-step approach to compliance. First, we ensure that all external and internal requirements are embedded within our policies and supported by underlying standards, technologies and processes. Second, through internal risk assessments and audits, we regularly test to ensure that all security controls are implemented properly and operating effectively.
We use an independent third party to perform an AT Section 101 attestation that produces a SOC2 Type II report for the Security principle covering our fiscal year. Also, the Information Security Management System supporting our network performance management software as a service application received an ISO/IEC 27001:2013 certificate from an independent certification body. In addition, an independent third party performs a yearly enterprise risk assessment on our critical information resources.
ThousandEyes is a corporate member of the Cloud Security Alliance, where we share information and collaborate with other industry-leading companies in order to maintain the highest level of security best practices. ThousandEyes is also a member of the Center for Internet Security, a forward-thinking non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.