Historian Yuval Noah Harari is famously quoted as stating that whoever owns the data owns the future. As we’ve come to realize, this truth can create power imbalances between different countries as well as imbalances between large and small enterprises. For this reason, the idea of “data sovereignty” is becoming increasingly important, as the amount of data available in the world (and to corporations) grows. It’s a challenge for businesses to continually ensure the protection of data while keeping up with various regulations such as GDPR.
What is data sovereignty?
Data sovereignty refers to the idea that data is subject to the laws and governance structures of the nation in which it is collected, so the ability to store data in a particular country or jurisdiction is critical to meeting these requirements. But what does this mean for software providers?
It is a core requirement that enterprise software suppliers host a version of their application and databases in the home market of the customer. This data sovereignty requirement is particularly important for our clients in regulated industries such as financial services, telecommunications and local government as well as for EU-based clients who otherwise need to disclose data flows outside of the EU.
Understanding SOC2 compliance
SOC 2, developed by the AICPA, is a set of requirements for technology-based service organizations that store client information in the cloud. Businesses that are SOC 2 compliant have undergone a process in which an external CPA firm certifies that the business meets a number of security requirements. SOC 2 (Service Organization Control) is a type of audit that assesses the controls related to a company's non-financial reporting. It is typically used by service organizations that handle sensitive customer information, such as cloud-based contact centers, and covers the following:
- Security: Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to meet its objectives.
- Availability: Information and systems are available for operation and use to meet the entity’s objectives.
- Processing integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality: Information designated as confidential is protected to meet the entity’s objectives.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.
AWS Foundational Technical Review (FTR)
ISV partners of AWS such as Local Measure are held to further, specific standards by AWS to ensure they meet AWS’ best practices for the architecture and security of their environments.
Certification of the AWS Foundational Technical Review means that architecture, processes, systems & monitoring, and automation controls meet the level of technical excellence that AWS expects from its ISV partners. Clients can be assured that the business aligns with the best practices around the five pillars of the AWS Well-Architected Framework, namely Security, Reliability, Operational Excellence, Performance Efficiency, and Cost.
Local Measure’s clients can rest assured that:
- Engage for Amazon Connect is able to run multiple instances of the software in all regions where Amazon Connect is available to preserve data sovereignty.
- Local Measure is SOC 2 certified.
- As an AWS Advanced Technology Partner, Local Measure has passed the AWS Foundational Technical Review (FTR).