Compliance
SOC2
Under SOC2, Alkira conducts an independent evaluation of its systems and of the users accessing those systems to make sure controls are designed, implemented, and operated to provide reasonable assurance that its service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability, and confidentiality (“applicable trust services criteria”) set forth in TSP 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
Contact us if you have any questions related to SOC2 or would like access to the SOC2 report.
PCI-DSS Compliance
Alkira adheres to the Payment Card Industry Data Security Standard (PCI DSS), a globally recognized framework designed to enhance the security of credit, debit, and cash card transactions. This compliance ensures the protection of cardholder data and safeguards against the misuse of personal information.
GDPR
Our GDPR readiness
Our GDPR program addresses our responsibilities as both a data controller and a data processor. We have prepared a Data Processing Agreement to address how we process our customers’ data in compliance with the act. Click here for the DPA, or check the FAQs for further information.
Resources
We have compiled some helpful resources to help you learn more.
EU Commission GDPR Guidance
UK ICO Guidance
FAQs
To whom does the GDPR apply?
The GDPR stands for the General Data Protection Regulation, which is a comprehensive EU data protection law adopted in May 2016, updating the existing EU data protection law (the 1996 Data Protection Directive) to further strengthen the protection of personal data of individuals in the EU. It takes full effect on May 25, 2018.
Does GDPR apply to companies that are not based in the EU?
The GDPR applies to organizations that collect and process personal data of individuals in the EU for their own purposes, defined as Controllers by the regulation, as well as to organizations that process data on behalf of others, defined as Processors by the regulation. This is a shift from the preceding EU data protection law, which only applied to controllers.
What are the resources available to me as an Alkira customer?
Alkira has a Data Processing Agreement that all new customers can enter into. We are also making available to our existing customers a pre-signed Data Processing Agreement they can download here, the terms of which address the requirements of art. 28 for contracts between data controllers and data processors.
How is Alkira addressing cross-border data transfers under the GDPR?
Alkira has executed inter-company agreements based on the EU approved standard contractual clauses, to support the transfer of customer data from the EU to the US.
What if customers want to keep data within the EU?
Currently, Alkira does not facilitate such requests.
How do I make a Data Subject Access Request to Alkira?
You can visit the Data Subject Access Request page here.