Quality Clouds for Compliance
Compliance is enormously important in modern IT setups. In some industries it can be an all-encompassing topic, requiring strict adherence to various internal policies and legal regulations. For SaaS, in particular, one of the biggest issues can be transparency. Platforms can be opaque, with vital information scattered, making successful governance difficult to achieve. Despite this, the potential risks of not being compliant are enormous, so organizations often have to undertake very inefficient processes by necessity.
Identify potentially costly risks in your SaaS framework
Adhere to regulations and standards with customizable best practice reviews
Provide governance and transparency to SaaS development with comprehensive analytics
How can Quality Clouds help with GDPR Compliance?
Even though full GDPR compliance procedures can run into the hundreds of pages, the one key point is that organizations cannot be GDPR compliant unless they can show that they are making a best effort to identify every piece of Personally Identifiable Information they are storing about their customers and employees.
While Quality Clouds is not a full-fledged GDPR compliance solution, it can effectively help organizations close an often-overlooked gap in their inventory of how Personally Identifiable Information (PII) is used in their IT systems: the use of PII in their code and in their data storage metadata (table and field names).
Quality Clouds scans match the main PII and extra-sensitive PII keywords against the source code present in your SaaS instance, as well as against the custom table names and column names of the underlying data storage. Each match is raised as an issue in the scan results.
The matches are implemented by default in English, Spanish, German and French. Any other languages can be added on an ad-hoc basis via Custom Rules.
Unlike other issues, which are raised when a violation of a standard best practice is detected, GDPR issues are raised whenever a matching PII keyword is found in code or in field or table names. These do not necessarily have to be “remediated” in the sense of removing them if they are legitimate uses of PII. Instead, remediation should be understood as including the list of such elements in the global inventory of PII being stored and processed by the organization.
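The keyword matching described above can be sketched as follows. This is an added example, not Quality Clouds' own code or rule set: the keyword lists, the function names and the sample schema and script are all constructed for illustration.

```python
import re
import unicodedata

# Constructed keyword lists (assumption); the product's real lists are not shown on the page.
PII_KEYWORDS = {
    "extra_sensitive": {"health", "religion", "ethnicity", "salud", "gesundheit", "sante"},
    "pii": {"name", "email", "phone", "address",          # English
            "nombre", "correo", "telefono", "direccion",  # Spanish
            "nachname", "adresse", "geburtsdatum",        # German
            "nom", "prenom", "courriel"},                 # French
}

def tokens(identifier):
    """Split snake_case / camelCase identifiers into lowercase, accent-free words."""
    plain = unicodedata.normalize("NFKD", identifier).encode("ascii", "ignore").decode()
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", plain)
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", spaced) if t]

def classify(identifier):
    """Return (category, matched keywords) for the most sensitive match, else None."""
    words = set(tokens(identifier))
    for category in ("extra_sensitive", "pii"):
        hit = words & PII_KEYWORDS[category]
        if hit:
            return category, sorted(hit)
    return None

def scan(schema, source):
    """Build PII inventory entries from table/column names and source identifiers."""
    candidates = []
    for table, columns in schema.items():
        candidates.append((f"table:{table}", table))
        candidates += [(f"column:{table}.{col}", col) for col in columns]
    for lineno, line in enumerate(source.splitlines(), 1):
        for ident in sorted(set(re.findall(r"[^\W\d]\w*", line))):
            candidates.append((f"code:{lineno}:{ident}", ident))
    inventory = []
    for location, name in candidates:
        match = classify(name)
        if match:  # a match is an inventory candidate, not necessarily a violation
            inventory.append({"location": location, "category": match[0],
                              "keywords": match[1]})
    return inventory

# Constructed sample input: custom tables/columns and a two-line script.
SAMPLE_SCHEMA = {"u_customer": ["u_first_name", "u_correo", "u_order_total"],
                 "u_patient_health": ["u_id"]}
SAMPLE_SOURCE = "var customerEmail = gr.getValue('u_correo');\nvar total = 0;\n"

if __name__ == "__main__":
    for entry in scan(SAMPLE_SCHEMA, SAMPLE_SOURCE):
        print(entry)
```

Whole-word matching on split identifiers keeps `u_filename` from matching `name`, but a field such as `u_file_name` would still be flagged, which is why each hit is treated as an entry to review for the PII inventory rather than a defect.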