Datica’s compliance roots start in healthcare with HIPAA, a regulatory framework found in one of the most conservative industries in the world. For much of our early years, we were healthcare-only, consistently providing the best HIPAA compliance management option on top of the public cloud.
Best practices are best practices
Compliance is global, however, with highly regulated industries spanning many geographies. The requirements to meet GDPR regulations by May 25th pushed us to examine a compliance posture that was international instead of HIPAA-specific.
The nearly year-long exercise was a catalyst for our compliance team to innovate on how we could be bigger than just GDPR. We took a look at compliance holistically, and globally, to come up with a strategy that will allow us to better serve customers across industries and geographies.
The result is simplified with a phrase we use internally: Best Practices are Best Practices.
The Datica global compliance roadmap
Datica’s ability to serve international compliance regimes stems from a philosophy exemplified by HITRUST: one framework, many regimes. We decided to take a single compliance framework, make it our root attestation, and then plan to use it as a repeatable mapping process towards other regimes. HITRUST and its Common Security Framework were clearly the answer.
HITRUST has done a great job of aiming for big goals. With version 9.1 of the CSF, we believe there are few better options for the most stringent and comprehensive compliance auditing framework on the cloud. The HITRUST CSF is our DNA framework.
By using HITRUST, we will crosswalk the CSF to other geographies and compliance regimes, thus accelerating our ability to support compliance attestations in those areas. Certainly unique considerations will exist in respective geographies before we can officially support compliant deployments of the Datica Platform in a country, but the CSF will get us almost all the way there in all cases.
As has been the drumbeat since Datica’s founding in 2013, transparency is the key to distilling the complexity of compliance. Transparency is how we best help healthcare — and other regulated industries — move forward. To communicate our global compliance posture to both present and future customers, we built a handy table that documents our compliance roadmap.
The table is simple:
- We list geographies and certain regimes that matter in those geographies.
- One column states if that regime is currently supported by the platform.
- Another column states if we have plans to support it someday.
- And lastly, for those we plan to support, we give a broad estimate of when the HITRUST crosswalk will be done, along with any additional specific requirements for the respective regime.
This table will be updated a lot throughout 2018 as we test our compliance posture against new regimes.
We invite you to take a look at our public global compliance roadmap by visiting the Global Compliance Posture page of our website.
In short, we plan to take HITRUST global to both geographies and regimes that we haven’t previously supported. We want to be the best compliance management option for cloud native applications across the world.