SentinelOne provides endpoint protection solutions that collect and process various datasets equally, without regard to how a customer might classify their data. As such, SentinelOne does not treat any specific dataset processed by its Solutions as Personal Healthcare Information (PHI) under HIPAA and/or HITECH. Any processing of specific data types is purely incidental, and not required to use the Solutions. SentinelOne does not collect any PHI in providing its Solutions to customers.
SentinelOne has implemented a host of information security controls to protect all customer data it processes on behalf of its customers in accordance with HIPAA’s Privacy and Security Rules, and to ensure confidentiality, integrity, protection against anticipated threats, workforce management, and access controls, among a host of technical, administrative and physical safeguards. As such, SentinelOne is now HIPAA compliant and able to enter business associate agreements to such effect. For more information about SentinelOne’s Business Associate Agreement (“BAA”), please contact the SentinelOne privacy team at [email protected]
SentinelOne has implemented a range of privacy and security controls across the organization to ensure compliance with the General Data Protection Regulation (GDPR) by the May 2018 deadline.
Among other things, SentinelOne has trained its employees and established an ongoing training program, added a host of technical security measures, mapped PII storage throughout the organization, defined appropriate access right limitations, ensured that individual access/portability/right-to-be-forgotten rights are respected, appointed a Data Protection Officer (DPO), entered into Data Processing Addendums (DPAs) with relevant data processors, and offers to enter into DPAs with EU-based customers subscribing to the Solutions at certain pricing levels.
SentinelOne is committed to continued compliance with GDPR and all other relevant privacy regulations for the benefit of its customers. Contact us for more information about our privacy program.
How SentinelOne Can Help Your Organization’s Compliance
The SentinelOne Solution can help your organization achieve compliance with the HIPAA Security Rule, which requires that organizations use and regularly update anti-virus software or programs on all systems commonly affected by malicious software.
The SentinelOne Static and behavioral AI can help your organization to detect and respond to malware attacks.
The SentinelOne Deep Visibility and automated EDR capabilities can help your organization to understand and mitigate suspicious events.
The SentinelOne Vigilance automated SOC services can add another level of security to your organization, by offering the services of security experts that can proactively help your organization detect and respond to threats.
For more information about how SentinelOne can help your organization’s HIPAA compliance, read the Tevora PCI and HIPAA Whitepaper.
The SentinelOne Solution can help your organization achieve GDPR compliance with the data protection by design and by default requirement in Article 25; with the security of processing requirement in Article 32, which requires applying technical and organizational measures for data processors; and with Articles 33 and 34, which apply specific requirements for breach notification, assessment and remediation.
For more information about how SentinelOne can help your organization’s GDPR compliance, read the SentinelOne GDPR Datasheet.