Regulatory Compliance Module for Globalscape EFT

The Regulatory Compliance Module (RCM) for Globalscape EFT meets or exceeds the security practices mandated by government and industry standards such as GDPR, CCPA, PCI DSS, HIPAA, Sarbanes-Oxley, and others for data transfer, access, and storage. The module protects data in transit by enforcing the use of secure protocols, strong ciphers and encryption keys, and by maintaining strict password policies. Whether your organization is obligated to comply with specific regulations, or you simply want the utmost in security standards, the Regulatory Compliance Module is your easy-to-implement solution. Globalscape EFT's enterprise-level solution provides a secure and efficient way not only to protect sensitive data, but also to ensure organizations have the preventive data security measures in place to meet and maintain compliance easily.

Monitor Compliance

Whether you have to comply with PCI DSS, GDPR, CCPA, FIPS 140-2, HIPAA, HITECH, SOX, GLBA/FFIEC, DIACAP, or other existing or future regulations, a setup wizard provides an easy, step-by-step method to configure a security-enabled site. Each page describes a requirement and what you need to do to meet it, or how to provide a compensating control (workaround). The RCM, in concert with EFT and DMZ Gateway®, helps organizations comply with data storage requirements, including not storing data in the network distribution management system (DMS). EFT uses repository encryption and securely sanitizes (wipes) deleted data so that it cannot be reconstituted.

Strong Ciphers and Encryption Keys

With support for multiple secure protocols, including FIPS 140-2 certified protocols, the RCM thoroughly protects data in transit, enforces the use of secure protocols, strong ciphers, encryption keys, and password policies, and ensures data transfers strictly follow all security guidelines.

Automatically Enforce Compliance Policies

Through Event Rules, EFT with the RCM supports compliance with GDPR. Any GDPR right exercised can trigger a User Events Rule with a configured Report Action to generate any of EFT’s Privacy Report actions. Subsequent actions can occur based on inspection rules, including sending email notifications, integrating with virus scanners and DLP tools, or allowing the file to continue to its destination.

Generate Reports of All EFT and RCM Activity

With the addition of the Regulatory Compliance Module, all transfers, event rules, and user/admin/system activity are tracked in a log file and in the database, allowing you to generate reports of that data, such as:

  • Predefined PCI DSS Compliance
  • Data Protection Impact Assessment

Many other reports of activity, traffic, and security are installed with the module, and you can customize them with other information that is captured in the database.