New HIPAA and PCI-DSS Compliance Attestations for Splunk Cloud

Customers who manage systems in private clouds understand the challenge of managing to compliance initiatives. New legal and regulatory initiatives need to be incorporated and broad guidelines must be interpreted into a prescriptive working plan. Splunk Cloud now provides such an option for customers who require compliance with HIPAA or PCI initiatives.

Health Insurance Portability and Accountability Act (HIPAA) – HIPAA is a set of national rules for the privacy and security of individuals’ health information called Protected Health Information (PHI) and establishes standards for accessing, storing and transmitting medical data.

Splunk Cloud has been third-party audited and assessed to meet the data security requirements of the HIPAA statute and maintains a security profile required by law. Customers can request a ‘HIPAA Compliance’ report and/or a Business Associate Agreement (BAA) for their own compliance reporting.

Payment Card Industry Data Security Standard (PCI-DSS) – The PCI-DSS is a security standard set by the credit card industry to ensure that organizations that accept, process, store, or transmit credit card information maintain a secure environment. It applies to “Merchants"—entities that accept payment cards from American Express, Discover, JCB, Mastercard or Visa—and requires them to use PCI-DSS-compliant third-party service providers when processing cardholder data.

Splunk Cloud’s PCI attestation means that Splunk Cloud meets the applicable security requirements of PCI-DSS, can provide an ‘Attestation of Compliance’ report, and can serve as a trusted PCI compliance service provider for our Merchant customers.

Read more about our compliance options or contact an account executive to discuss incorporating compliance capabilities into your Splunk environment.

Follow all the conversations coming out of #splunkconf18!

Follow @splunk

----------------------------------------------------
Thanks!
Sundeep Gupta