Splashtop Compliance
Compliant with ISO/IEC 27001, SOC2, GDPR, and CCPA. Supporting HIPAA, PCI, and FERPA needs.
Learn how Splashtop remote access and remote support solutions comply with or support our customers’ compliance with industry and government standards and regulations. Learn more about Splashtop and SOC 2, ISO/IEC 27001, GDPR, CCPA, PCI, HIPAA, and FERPA.
ISO/IEC 27001
ISO 27001 is the most internationally recognized benchmark for establishing and upholding a robust information security management system (ISMS). With its comprehensive set of stringent requirements, the standard supports a holistic approach to information security by thoroughly assessing individuals, policies, and technologies through rigorous testing and auditing.
By implementing ISO’s security framework, Splashtop empowers users with industry-leading remote access solutions while ensuring the highest standards for risk management, cyber-resilience, operational excellence and safeguarding customer data.
Being ISO 27001 certified assures customers, partners, and stakeholders that Splashtop has implemented robust security measures to protect their information and maintain the confidentiality, integrity, and availability of data.
SOC 2 Compliance
SOC 2 is a set of standards that measure how well a service organization manages and controls the information it handles. Splashtop is SOC 2 Type 2 compliant. Our policies ensure the security, availability, processing integrity, and confidentiality of customer data. Here is our SOC 3 independent auditor’s report, a public report on controls related to security, availability, and confidentiality. Request additional Splashtop SOC 2 compliance information.
GDPR Measures at Splashtop
Protecting the personal data of our customers has been and continues to be our top priority. We understand our obligations and responsibilities as a Controller and as a Processor for GDPR. We have taken the following steps to be GDPR ready.
Data protection by design: We have implemented affirmative consent, so all of our customers must opt in before sharing their personal data with us during signup, and they have the means to withdraw that consent later on. We have reviewed and implemented processes to make sure we only collect and process the personal data that is necessary to provide the service to our customers. We make sure all personal data is protected with strong industry security standards and best practices, both in transmission and in storage.
Data governance: We have identified and mapped all personally identifiable information (PII) we collect, what we do with it, where it flows, and who has access to it. We have signed Data Processing Agreements (DPAs) with our third-party service providers to ensure they are also committed to GDPR.
Policies: We’ve updated our Privacy Policy and created a Cookie Policy to comply with GDPR requirements and to make sure our users’ rights are protected and spelled out clearly.
Process and communication: We have formally reviewed our GDPR readiness with a third-party professional firm, put additional processes in place, and set up proper communication channels to handle all GDPR-related inquiries and tasks, both internally and externally.
For more information, here is our Corporate Customer Data Processing Agreement.
Your rights: You (the “Data Subject”) have the right to access, rectify, erase, object to, or restrict the processing of your personal data. You can find more complete and detailed information in our Privacy Policy at https://www.splashtop.com/legal/privacy-policy.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, or your rights, please contact us at gdpr@splashtop.com.
California Consumer Privacy Act (CCPA)
As of January 1, 2020, consumers residing in California have additional rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”).
Splashtop is committed to CCPA compliance, including Right to Access, Right to Deletion, and Right to Opt-Out.
Further details regarding personal information collected, CCPA user rights, and how to exercise the rights are available in our Privacy Policy.
PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The standard was created to increase controls around cardholder data in order to reduce credit card fraud. PCI compliance is required for organizations that store, manage, or process cardholder information.
Splashtop is not a payment solution and we do not store our users’ credit card or financial data in our system.
Splashtop uses third-party vendors to store and manage cardholder data and to conduct online transactions. We provide secure connections to our PCI-compliant payment vendors to ensure compliance.
HIPAA Compliance
Every business that is part of the U.S. healthcare industry must comply with Federal standards regulating sensitive and private patient information. In addition to protecting worker health insurance coverage, HIPAA sets forth standards for protecting the integrity, confidentiality, and availability of electronic health information. Splashtop does not process, store, or have any access to users’ computer data such as patient data or medical records. Therefore, Splashtop should not be considered your business associate. While no single product or solution can make an organization HIPAA-compliant, the Splashtop Business Access, Splashtop Remote Support, Splashtop SOS, and Splashtop On-Prem products, when used properly, may help organizations fulfill HIPAA guidelines for the privacy and security of remote access to healthcare information and may be used within a larger system to support HIPAA compliance (see the whitepaper below). Some key points to note are:
Splashtop transmits but does not store the encoded screen capture stream, which is encrypted end-to-end over TLS using AES-256.
The username / password transmission is encrypted with HTTPS / TLS.
User passwords are encrypted and stored in our database, which is protected by disk encryption and a VPN.
All connections are logged with a timestamp and user / device / session information.
Device authentication is enabled by default, with an option to turn on two-factor authentication.
Our Cloud security modules monitor and flag suspicious activity in real time and block the aggressor from further access to our Cloud services.
All of these measures should help ensure that Splashtop may be securely deployed in your organization without affecting HIPAA compliance.
White Paper: Splashtop HIPAA Compliance and Security
Splashtop also offers an on-premises implementation of its remote access and remote support solutions. With this implementation, all of the server modules / services are hosted in the customer’s private cloud. Please find more information at https://www.splashtop.com/products/on-prem and https://www.splashtop.com/solutions/iot (for remote support of computers and mobile / embedded / IoT devices).
Please contact sales@splashtop.com to start a trial or get additional information.
FERPA
FERPA is a Federal law that protects personally identifiable information in students’ education records from unauthorized disclosure. It affords parents the right to access their child’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
Splashtop doesn’t access, process, or store education records. Splashtop stores only limited information such as session logs, activity logs, and device information, and no student information. Although Splashtop is not subject to FERPA certification, Splashtop follows industry best practice to ensure the data it does hold is protected.
Learn more about Splashtop and FERPA: Splashtop FERPA Info Sheet
MSP and IT Security Feed
Did you know that Splashtop hosts a security feed for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to operating systems, browsers, VPN, and RDP? Check it out now and subscribe to receive email alerts so you can protect your business and your clients with security news as it comes.
Security Standards
Splashtop’s business products are specifically built to give IT full control over securing the data while giving employees the flexibility to access it from anywhere. They are especially applicable to organizations operating in industries with stringent legislative and compliance regulations where controls for data privacy and systems security are mandated. Splashtop security features also help support HIPAA and ISO 27001 compliance.
Learn more on our Splashtop Security web page.
The Technical and Organizational Measures (TOMs) describe the security measures and controls implemented and maintained by Splashtop to protect and secure the personal data we store and process. Read Splashtop’s Technical and Organizational Measures.
If you have any further questions, please contact us at sales@splashtop.com or call our sales team at +1.408.886.7177.