Today’s businesses are driven by digital adoption, which includes the ability to deeply understand data and unlock the power of big data analytics and AI. But before customers – and regulators – will allow us to leverage personal data, we must first earn their trust.
WalkMe simplifies this privacy burden with new compliance offerings that can help you demonstrate compliance with privacy laws and regulations and get more control over your data.
We are pleased to share that WalkMe has expanded our compliance program with two new certifications and attestations:
- SOC 2 Type 2 certification (third-party attestation) that covers all five AICPA Trust Service Criteria (TSC) principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
- International ISO/IEC 27701:2019 certification for Privacy Information Management System (PIMS).
These two milestones demonstrate that WalkMe provides a comprehensive set of management and operational controls, further validating our ongoing commitment to privacy and trust, and enable WalkMe customers to more easily comply with an ever-increasing number of global privacy requirements.
SOC 2 Type 2 and the 5 Trust Services Criteria (TSC) principles
SOC 2 (Service Organization Control 2) is a part of the AICPA’s (American Institute of Certified Public Accountants) Service Organization Control reporting platform. SOC 2 is an auditing and attestation process that measures against the five trust principles outlined by the AICPA.
When a business achieves SOC 2 compliance, it demonstrates that the company has implemented controls to ensure security, availability, processing integrity, confidentiality, and privacy of customer data.
The 5 TSC principles:
- Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of data or systems and affect the entity’s ability to meet its objectives.
- Availability: Information and systems are available for operation and use to meet the entity’s objectives.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality: Information designated as confidential is protected to meet the entity’s objectives.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
WalkMe's report now includes all 5 TSCs, including processing integrity, which covers the completeness and accuracy of the information our system processes and produces, and privacy, which gives our customers confidence that their personal information is protected and that WalkMe has controls in place that are operating effectively to protect it.
The Privacy Information Management System (PIMS) is built as an extension of the widely used ISO/IEC 27001 standard for information security management, making the implementation a comprehensive compliance extension for organizations that rely on ISO/IEC 27001, as well as creating a strong framework for aligning security and privacy controls.
PIMS accomplishes this through a framework for managing personal data that can be used by WalkMe as a data processor, a key distinction for GDPR compliance.
This standard is designed to help operationalize regulatory requirements from any jurisdiction in a way that is both transparent to regulators and useful for internal and third-party auditors, helping our customers demonstrate compliance anywhere on earth, whether they do business in a single country or worldwide, including under GDPR requirements.
Down the road – Scalable compliance
WalkMe anticipates that privacy legislation will continue to expand around the globe. China's Personal Information Protection Law (PIPL), Brazil's Lei Geral de Proteção de Dados Pessoais (LGPD), and several US state laws are just a few examples. With many jurisdictions intending to pass privacy laws soon, increased complexity on the compliance front can become a challenge.
With upcoming regulatory requirements, our new SOC 2 attestation will assist with more efficient compliance operationalization, and a universal framework like ISO 27701 will allow better mapping: because the audit requires the declaration of applicable laws and regulations in its criteria, the standard can be mapped to many of the requirements under GDPR and the CCPA (California Consumer Privacy Act), simplifying compliance with future laws as well.
This will reduce the need for multiple certifications and audits against each new requirement, saving both time and money. This is critical for supply chain business relationships as well as cross-border data movement.
As a security and data privacy leader, WalkMe has a longstanding commitment to privacy, and will continually look for more ways to ensure compliance with the broad range of ever-changing international data protection laws, giving customers more control over their data so you can keep your focus on digital adoption.