June 23, 2023
We're pleased to announce the release of our new integration with RapidFire Tools' Compliance Manager GCM. This integration allows us to offer sensitive data scanning, a sensitive data summary, and visual indicators identifying where, among Workplace files, personal identifiable information (PII) is stored. This report is the result of a Compliance Manager GRC sensitive data scan of all Workplace-stored data.
If you are a Workplace and Compliance Manager customer, your service provider can enable this integration by mapping your Workplace team to your Compliance Manager site. If they do, you'll see some new icons in your Workplace interface, and a new special report will be available to anyone on your team who has access to the Reports page.
Certain standards, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), require identification of where PII is stored. Other standards, such as the Payment Card Industry Data Security Standard (PCI DSS) require that some types of information, such cardholder data, be limited to the Cardholder Data Environment and segmented from the rest of the network. Depending on the level of PCI compliance, storage of cardholder data (such as credit card numbers) on drives is strictly prohibited. And the Health Insurance Portability and Accountability Act (HIPAA) require that electronically stored, protected health information (ePHI) be protected in specific manners.
Datto Workplace is, among other things, a secure, version controlled, and logged file storage mechanism. As files (.doc, .docx, .xls, .xlsx, .txt) are uploaded from Windows, Mac, iPhone/Android devices, or via web upload, they are processed, scanned, and logged before they're stored in Datto Workplace.
Compliance Manager GRC includes sensitive data scanning; it looks for PII (for GDPR and CCPA), ePHI (for HIPAA), and cardholder data (for PCI DSS).
The Compliance Manager Integration and the PII Scan and Summary that it provides augment the Datto Workplace pre-upload scanner with the Compliance Manager GRC deep file scanner. That scanner looks for PII, ePHI, and cardholder data in files uploaded to Workplace. If any such information is found, the file is tagged, in Workplace, with the specific information type, e.g. Date of Birth, License Number, etc.
When performing a compliance assessment, Workplace users can provide proof of data classification and protection. The integration queries Datto Workplace for all locations of sensitive data as well as which user uploaded the data. Then Compliance Manager GRC presents the findings to the Internal Auditor to determine if there are violations that should be addressed. Any issues will appear in the Plan of Action and Milestones.
With this integration, only newly created, modified, or downloaded files are scanned. The scan occurs when files are changed and/or uploaded to Datto Workplace. This means that during the compliance assessment process, the deep scan is unnecessary and the location and owner of sensitive data is available immediately; you'll have deep scan data available on demand.