We are kicking off the beginning of the year with some significant privacy & security assurance improvements:
- Esri Privacy Shield Compliant – As many of you know, a little over 1 year ago Safe Harbor was found to be inadequate by the European Commission for covering data transfers under EU law. The US replacement framework, called Privacy Shield, was determined as adequate mid-2016. Esri is now Privacy Shield self-certified and is listed on the US Dept. of Commerce Privacy Shield website.
- New Products & Services Privacy Statement – Previously, we had a supplemental privacy statement specifically for ArcGIS Online, however, we recognize that our customers deserve stronger privacy assurance across the products and services they purchase from Esri, so we have expanded the supplement significantly to cover items such as ArcGIS Online, Professional Services, and Support.
- Cloud Security Alliance (CSA) Answers – Esri has proudly posted 30 pages for the most common ArcGIS Online security questions to the CSA STAR registry since 2013. We have recently refreshed the ArcGIS Online answers for the latest revision of the CSA Cloud Controls Matrix (CCM) version 3.0.1. We have also now posted our answers for Esri Managed Cloud Services Advanced Plus to the CSA STAR registry.
- ArcGIS Pro USGCB Self-Certified – With the release of ArcGIS Pro 1.4 we went overboard with a stronger security algorithm then currently approved for FIPS 140-2 compliance. ArcGIS Pro patch 1.4.1 fixes this issue and was run through USGCB self-certification, so our US government customers can rest assured ArcGIS Pro will work with security hardening constraints in place such as FIPS 140-2.
– The Security Standards & Architecture Team