4 Replies Latest reply on Aug 6, 2013 2:33 PM by TaxRefund1111111

    Security Standards Compliance

    TaxRefund1111111

      I want to use PDF & FormsCentral to communicate customer data, but the data can be sensitive, so there are security requirements that I must follow.  Specifically, FormsCentral must be:

      SSAE 16 compliant providing physical and network level security- a type 2 certificate.

      There must be a patch application process that keeps the patch levels reviewed/up-to-date,

      and the physical location of the data must be within the U.S. 

       

      Is Adobe/Forms Central compliant?  Can I get the certificates that attest to this?

        • 1. Re: Security Standards Compliance
          Genevieve Laroche Adobe Employee

          Here is a FAQ about our security policy : http://forums.adobe.com/docs/DOC-1384

           

          Gen

          • 2. Re: Security Standards Compliance
            TaxRefund1111111 Level 1

            I have read this document, and while I'm pleased to see that there is outside auditing and uses 'latest technology', I want an Yes/No answer to:  is it SSAE 16 compliant (type 2 certificate)?

            Is the data within the US?

            • 3. Re: Security Standards Compliance
              Dave Merchant MVP & Adobe Community Professional

              The Acrobat.com server runs on the Akamai CDN, so your questions don't have a simple answer.

              • 4. Re: Security Standards Compliance
                TaxRefund1111111 Level 1

                From Akamai's website, they say they

                "[We] Reduce risk and support your internal ISO, FISMA, BITS, HIPAA and PCI compliance requirements

                Akamai's Compliance Management solution is designed to help enterprises reduce the time and expense associated with meeting the performance and reporting standards of key regulatory compliance initiatives.

                 

                Compliance Management is an integrated solution that provides compliance tools and documentation around the delivery of business applications and Web sites, helping you to meet regulatory standards for PCI compliance (credit card processing), federal information security management, the ISO Code of Practice for Information Security Management, financial services regulations, and the Health Insurance Portability and Accountability Act (HIPAA)"

                 

                So it looks like there's a possibility of some fairly robust security here. The Akamai people say that it depends on your SLA with them, which they can't disclosure with permission.  Does Adobe offer various security levels for its product/services?  Do you use a flat minimum level of security across the company?  Can you find out what your SLA with Akamai is?

                 

                I want to use your products to create a convenient means for my company's customers requesting services from us- the request must include their account information, which is confidential.  To use your product, I need to know the security with which it operates.