Clumio Achieves ISO 27701 Certification, First Internationally Recognized Privacy Standard Aligned with GDPR

Bangalore: Clumio™ Inc., innovators of authentic SaaS for enterprise backup, today announced that the company’s secure backup as a service for the enterprise has achieved the ISO 27701:2019 Privacy Information Management System (PIMS) certification.

ISO 27701 is widely considered to be the first internationally recognized privacy certification standard that parallels the General Data Protection Regulation (GDPR) personal data collection, processing, and protection requirements. This latest privacy certification underscores the company’s commitment to proactive compliance, with Clumio completing five major privacy/security compliance programs in its first 18 months. One of the company’s prime competitive differentiators: Clumio’s cloud-native architecture has allowed the company to “bake” security capabilities into its Software as a Service (SaaS) platform.

“While some companies are cobbling together compliance solutions, Clumio has made it a mission from day one to take a holistic and proactive approach to compliance,” said Glenn Mulvaney, vice president of cloud operations and security, Clumio. “We began our ISO compliance work before we even had a public product, and have worked to stay one step ahead of our audit requirements, compliance reports, and certifications. We started with the correct compliance controls long before we entered the public market, meaning we didn’t have to ‘undo’ poor practices when it came to our product, our employees, and our processes. We built our platform and our organization to conform to key industry privacy and security standards from the start.”

Clumio was born in the public cloud, leveraging the most modern cloud capabilities – including more than 10 major AWS services – to ensure it meets and exceeds the backup, privacy, and security requirements of today’s most demanding enterprises. Clumio recognizes that compliance and security are not interchangeable. As a result, information security best practices are built into the product architecture. Clumio’s authentic SaaS backup protects workloads such as VMware / VMware Cloud on AWS, Amazon Web Services (EC2/RDS/EBS), and Microsoft M365. As a SaaS platform, Clumio has built upon AWS physical and environmental compliance controls. Companies that use Clumio can be assured that their compliance requirements for data protection are satisfied.

Although there is no official GDPR checklist or certification, Clumio’s platform is built on ISO information security and privacy management system standards that also align with GDPR. This privacy-related certification confirms that Clumio’s product offerings contain processes and operations that have been validated through independent testing and support compliance with privacy laws and legislation, including GDPR and the California Consumer Privacy Act (CCPA).

Clumio Access Management

In addition to achieving the ISO 27701 certification, Clumio recently announced Clumio Access Management, a new set of secure access management capabilities designed to provide corporate IT with more granular department and role-based access controls. Clumio Access Management encompasses authorization and authentication best practices that allow enterprise IT teams to provision by organizational unit, ensuring the right people have the right access to do their jobs.

Clumio Access Management delivers:

A simplified experience: Easily configure asset/inventory grouping criteria for department administrators in organizational units. Any future assets that get added to the grouping criteria (such as Accounts for AWS or VMFolder for VMware) get assigned to the department administrator in that organizational unit automatically.
Zero trust security: Corporate IT teams in large enterprises or Managed Service Providers no longer need to have credentials for all data sources. They can add their department administrators or tenants, respectively, and these administrators can then add their own data sources and ensure that visibility is restricted to their own department.
Contextual navigation: Corporate IT teams can easily change the context and “view” everything as the department administrator. This helps both teams resolve issues very quickly.
Consistent data protection: Corporate IT teams can create reference policies that department administrators can use to protect their assets. Department administrators cannot modify such policies, but they can use them to provide consistent data protection across different data sources.

This first phase of Clumio Access Management is available now. Future updates to Clumio Access Management will include the ability to create custom and/or pre-defined roles to allow select administrators to manage the actions that organizational unit administrators can perform in the Clumio portal.