Data Protection, Privacy & Security
InterSystems commits to its Global Trust program by providing appropriate and necessary protections and safeguards to ensure the legitimate use, proper disclosure, and minimal contact of any Personal Information, which, for InterSystems, encompasses the legal and regulatory definitions of personal data, whether InterSystems is a Data Controller or Data Processor, to include any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual regardless of any attributes or status of such individual.
Our Global Trust program uses a framework of controls based on ISO, HIPAA, NIST, APEC CBPR, and EU DPD/GDPR requirements. In order to support Global Trust we (1) identify the specific purposes for which we may need to collect, use, or disclose Personal Information, (2) operationalize protections surrounding Personal Information relating to the privacy rights of individuals while ensuring availability for proper and authorized uses and disclosures, (3) implement safeguards to secure the confidentiality, integrity, and availability of Personal Information in our environments, (4) address education and awareness through a comprehensive Global Trust training initiative, and (5) respond promptly to any actual or suspected threats or vulnerabilities affecting Personal Information.
This briefing paper highlights more specifics of our data protection practices as they pertain to the InterSystems products and services.