Hanzo received its SOC2 Type 2 certification in October 2019 following a thorough audit. This certification demonstrates that the company has extensive controls in place to protect against unauthorized access (both physical and logical). Our SOC2 report is prepared by an Independent Certified Public Accounting agency that audits security principles and practices formed under the AICPA. The SOC2 report is available under NDA upon request.
Hanzo’s enterprise ediscovery and compliance solutions are developed with industry best practices, legal-defensibility and security in mind. Companies trust and adopt our software into their enterprise ecosystems because Hanzo demonstrates its commitment to security across three critical security domains: company, application, and hosting provider.
From the application development process, to data retention, to encryption, authentication and authorization, Hanzo’s applications are designed to be secure. All customer information is encrypted when transmitted to and from Hanzo’s applications and a customer’s web browser via HTTPS (data-in-transit). All customer information retained on Hanzo’s storage systems is encrypted using unique 256-bit encryption keys with strict access control (data-at-rest).
Hanzo encourages all customers to use single sign-on (SSO) to ensure a secure authentication and user identification process. SSO allows your existing account provisioning and de-provisioning, and robust password controls.
Hanzo respects the privacy and confidentiality of all customer data, and strictly adheres to GDPR practices and protocols. We comply with the EU Global Data Protection Regulation, as well as US domestic privacy regulations such as the California Consumer Privacy Act (CCPA) of 2018. For more specifics, visit the Hanzo privacy policy.
Hanzo Dynamic Capture retains customer data per the instructions of our customers, with no automatic disposition or destruction of data. Customers can direct us to return and/or dispose of their data pursuant to their instructions. Hanzo Hold retains data as long as it is subject to a legal hold or compliance obligation. Once the hold or compliance obligation is removed, data that is no longer subject to a hold will be deleted automatically and an audit record will remain to document the process.
Hanzo’s IT Buyer’s Guide provides an in-depth overview of our security policies and practices, and is intended to address the IT professional’s most common considerations surrounding bringing new software into the enterprise such as security, privacy, and other data considerations.
Read MoreWhat are the differences between the Slack corporate export and Slack Discovery API? Read this article to learn more.
Read MoreThe California Consumer Privacy Act (CCPA)—the most comprehensive personal data privacy legislation anywhere in the United States so far. Is your website in compliance?
Read More