Datica Blog

Best Practices are Best Practices: How Datica Handles Global Compliance

Christopher Gerg

Datica Chief Technology Officer & Chief Security Officer

July 2, 2018   GDPR GxP HIPAA HITRUST

Datica’s compliance roots start in healthcare with HIPAA, a regulatory framework found in one of the most conservative industries in the world. For much of our early years, we were healthcare-only, consistently providing the best HIPAA compliance management option on top of the public cloud.

Best practices are best practices

Compliance is global, however, with highly regulated industries spanning many geographies. The requirements to meet GDPR regulations by May 25th pushed us to examine a compliance posture that was international instead of HIPAA specific.

The nearly year-long exercise was a catalyst for our compliance team to innovate on how we could be bigger than just GDPR. We took a look at compliance holistically, and globally, to come up with a strategy that will allow us to better serve customers across industries and geographies.

The result is simplified with a phrase we use internally: Best Practices are Best Practices.

The Datica global compliance roadmap

Datica’s ability to serve international compliance regimes stems from a philosophy exemplified by HITRUST: one framework, many regimes. We decided to take a single compliance framework, make it our root attestation, and then plan to use it as a repeatable mapping process towards other regimes. HITRUST and its Common Security Framework was clearly the answer.

HITRUST has done a great job of aiming for big goals. With version 9.1 of the CSF, we believe there are few better options for the most stringent and comprehensive compliance auditing framework on the cloud. The HITRUST CSF is our DNA framework.

By using HITRUST, we will crosswalk the CSF to other geographies and compliance regimes, thus accelerating our ability to support compliance attestations in those areas. Certainly unique considerations will exist in respective geographies before we can officially support compliant deployments of the Datica Platform in a country, but the CSF will get us almost all the way there in all cases.

As has been the drumbeat since Datica’s founding in 2013, transparency is the key to distilling the complexity of compliance. Transparency is how we best help healthcare — and other regulated industries — move forward. To communicate our global compliance posture to both present and future customers, we built a handy table that documents our compliance roadmap.

The table is simple:

  • We list geographies and certain regimes that matter in those geographies.
  • One column states if that regime is currently supported by the platform.
  • Another column states if we have plans to support it someday.
  • And lastly, for those we plan to support, we give a broad estimate of when the HITRUST crosswalk will be done, along with any additional specific requirements for the respective regime.

This table will be updated a lot throughout 2018 as we test our compliance posture against new regimes.

We invite you to take a look at the public global compliance roadmap by visiting the Global Compliance Posture page of our website.

In short, we plan to take HITRUST global to both geographies and regimes that we haven’t previously supported. We want to be the best compliance management option for cloud native applications across the world.
