When the time to talk about regulation is nigh and you need to choose a cloud-based infrastructure provider, certifications are often a good key indicator to understand how your data is going to be protected. Let’s have a look at the “must-haves” regarding regulation and take a deeper dive into the world of data protection certifications Rainbow has to offer.
International and local certifications & compliances with industry standards
ISO-27001 & SOC
Based on the Information Security Management System (ISMS), ISO-27001 is an international standard with a framework designed to manage sensitive data specifically. The SOC (System and Organisation Controls) encompasses the full range of services used by a company to protect sensitive data. There are multiple SOCs (SOC1, SOC2, SOC3) depending on the level of detail requested by the SOC reports. Modern data centres rely on ISO-27001 and SOC-certified technologies, as well as barbed-wire fence isolation with physical access being strictly monitored 24/7.
HDS for “Healthcare Data Security” is an important certification when it comes to storing and securing healthcare data. HDS is a strong certification that Rainbow Alcatel-Lucent Enterprise uses to ensure that Rainbow users in the healthcare industry can share, communicate, and store data securely. This includes a strong internal audit of Rainbow done by the security team and many additional procedures involving a third-party auditor who ultimately grants or denies the certification. With Rainbow, Alcatel-Lucent Enterprise offers a solution hosted on a dedicated and independent data centre specifically designed for hosting sensitive healthcare data (HDS in France).
ANSSI CSPN, from the “Agence nationale de la sécurité des systèmes d’information” or “National Agency for Information System Security”, is specific to the French market. It certifies that an employee or a person is knowledgeable and proficient enough to manage security incidents in a work environment. It usually goes hand in hand with SOC. This is one of the highest-level security certifications a cloud infrastructure provider can acquire. This certification for Rainbow by Alcatel-Lucent Enterprise is ongoing.
The agency for a Digital Italy is under the presidency of the Council of Ministers. It regulates use of, storage of, and access to key data, guaranteeing security. Reinforcing conscientious behaviour of a company or corporation, it is the best way to demonstrate that we are implementing appropriate measures for the Italian cloud market. The certification issued by AGID complies with the ISO/IEC 27001 standard and is verified by a third-party auditor.
The General Data Protection Regulation has been in effect since May 25, 2018. It allows for more control over your personal data, as it demands explicit consent to your policies from every prospect visiting your domain prior to accepting them. Hence the consequential awareness regarding this certification. Rainbow services are designed to be compliant with the European General Data Protection Regulation, which enforces individual privacy and data protection on a pan-European scale.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law set up by the United States. It regulates PHI (personal health information) for American healthcare providers, ensuring data security and integrity. It requires multiple safeguards for PHI.
The Family Educational Rights and Privacy Act is another federal law in the United States. This certification ensures the data privacy of students and forces schools to provide a layer of security for their data. It builds on the fact that students should have total control over their records.
Certification established by the Spanish National Security System in order to have everything in place to guarantee proper protection of information systems against internal and external threats or incidents.
Secure and affordable infrastructure with the ability to federate existing on-premises investments
Secure and adhering to local regulations since its inception back in 2015, Rainbow is being developed with security by design, which remains at the core of our concerns when thinking of improvements and new features. Our design, conception, and service reliability engineering teams are based in the three French Alcatel-Lucent Enterprise offices located in Brest, Illkirch and Colombes, our headquarters. Both our European and worldwide Rainbow services are operated by the strategic ALE partner – OVHcloud. Our data centres are available in multiple geographically dedicated regions. Rainbow Edge allows the service to be operated in a customer’s private cloud of choice, providing even more proficient data security. When we say “secure by design”, we mean that data in Rainbow is encrypted in transit and at rest (WebRTC, AES-256), providing secure communications for businesses of all sizes regardless of location. As a solution developed in and operated from France, in Europe, Rainbow cannot be forced to comply with either the CLOUD Act or the PATRIOT Act.
Solutions Marketing Manager
Kevin is a marketing solution manager at Alcatel-Lucent Enterprise. He has spent over 12 years working in marketing as part of startups and big corporations alike – between London, Mexico, Florence and Paris.