On May 25th 2018, GDPR compliance will be required by companies operating or doing business in Europe. We provide our clients with a plugin that can be enabled in the AnswerHub admin console. To manage the plugin, you will need to be a super user with network admin privileges. The documentation available on our customer success site provides instructions on how to enable and use the plugin on your community. Below is an overview for what's included:
As part of this plugin, support for the GDPR API is available from the AnswerHub admin console as well as from a REST client.
GDPR APIs are added at a node level to account for future content types (ideas, articles, etc.) that may be enabled for your community.
To provide ease of use, the activities for GDPR API success and errors are logged, return codes are available on the GDPR admin page, and logging on the info level calls is included.
If you are currently an AnswerHub customer, please see our success site for more GDPR information.
We have completed our assement of potential risks that meltdown and spectre exploits could pose for AnswerHub and find them to be minimal.Both exploits require physical or ssh access to the systems, and AWS provides extensive physical security in its datacenter and has already applied patches to the OS on its servers to mitigate potential risks posed by meltdown in the event access were somehow obtained. Accordingly we are confident that our cloud hosted customers are safeguarded. We recommend that our customers who self host on-premise seek security updates from their OS supplier as a precaution.
We know that your information being safe is your top priority, that’s why we take pride in our partners at Amazon Web Services (AWS) to have the highest-scale systems. All data centers (including the physical access to any such data centers) for AnswerHub are managed by AWS and are housed in nondescript, monitored, and video surveillanced facilities. Physical access is strictly controlled by professional security staff, and all physical access to data centers by AWS employees is logged and audited routinely to ensure peace of mind.
DZone Software's data center providers maintain ISO 27001, SOC 2 Type II, and many other certifications.
All data centers (including the physical access to any such data centers) for AnswerHub are managed by Amazon Web Services (AWS). AWS’ data centers are state of the art, utilizing innovative architectural and engineering approaches. AWS has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
AWS operates its data centers in such a way as to be compliant with a number of global certifications including ISO 27001, PCI DSS Level 1, and the EU Data Protection Directive. For more information, please see here: aws.amazon.com/compliance.
Data center physical locations and access are strictly controlled. Servers are located around the world in 6 regions:
AnswerHub chooses its new hires carefully to fit our core values and to ensure the security of our customers’ data. Background checks, NDA, and our corporate security policy must be acknowledged upon hire and access to customer systems requires a probationary period of at least one month. Access to any system is revoked immediately when an employee leaves the company.
Many of the low-level components that make up the AnswerHub production infrastructure are provided by Amazon Web Services and are designed with multiple redundancies for maximum uptime.
In addition, critical systems such as DNS, load balancers and backups are run in a redundant manner across multiple data centers. At the database layer, all data is replicated in real time to a second master database. Snapshots are taken nightly with historical point in time recovery for databases.
AnswerHub takes information security and privacy very seriously. Through a combination of internal controls and product features we verify the security of your data on an ongoing basis. Visit our privacy page to learn more.
The DZone Software incident response plan involves four steps – Detection, Analysis, Response, and Post-Mortem.
Amazon Web Services provides two locations in Europe that support the full range of our services including high availability, and all data is kept within the European borders.
DZone Software is committed to supporting the privacy regulations of the European community. In an effort to support the broadest range of customers possible, we work with Amazon Web Services to provide two locations in Europe – one in Ireland and one in Germany. Each one supports the full range of our services, including High Availability, and all data is kept within European borders.
Data center physical locations and access are strictly controlled. Article 29 Working Party, AWS Data Processing Addendum and Model Clauses Our hosting provider, AWS, has already obtained approval from EU data protection authorities, known as the Article 29 Working Party, of the AWS Data Processing Addendum and Model Clauses to enable transfer of data outside Europe, including to the U.S. With their EU-approved Data Processing Addendum and Model Clauses, AWS customers can continue to run their global operations using AWS in full compliance with EU law. The AWS Data Processing Addendum is available to all AWS customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area.