The standards and regulations that Dropbox Business and Education comply with

ISO

CSA STAR

SOC

FERPA and COPPA

UK Digital Marketplace G-Cloud

HIPAA / HITECH

PCI DSS

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

EU General Data Protection Regulation

The International Organization for Standardization (ISO) has developed a series of world-class standards for information and societal security to help organizations develop reliable and innovative products and services. Dropbox has certified its data centers, systems, applications, people, and processes through a series of audits by an independent third-party, Netherlands-based EY CertifyPoint.

  • Note: Dropbox Paper is not included in the scope of the ISO certifications.

ISO 27001 (Information Security Management)

ISO 27001 is recognized as the premier information security management system (ISMS) standard around the world. The standard also leverages the security best practices detailed in ISO 27002. To be worthy of your trust, we’re continually and comprehensively managing and improving our physical, technical, and legal controls at Dropbox. Our auditor, EY CertifyPoint, maintains its ISO 27001 accreditation from the Raad voor Accreditatie (Dutch Accreditation Council).

View the Dropbox Business and Education ISO 27001 certificate.

ISO 27017 (Cloud Security)

ISO 27017 is a new international standard for cloud security that provides guidelines for security controls applicable to the provision and use of cloud services. Our Shared Responsibility Guide explains several of the security, privacy, and compliance requirements that Dropbox and its customers can solve together.

View the Dropbox Business and Education ISO 27017 certificate.

ISO 27018 (Cloud Privacy and Data Protection)

ISO 27018 is an emerging international standard for privacy and data protection that applies to cloud service providers like Dropbox who process personal information on behalf of their customers, and it provides a basis on which customers can address common regulatory and contractual requirements or questions.

View the Dropbox Business and Education ISO 27018 certificate.

ISO 22301 (Business Continuity Management)

ISO 22301 is an international standard for business continuity that guides organizations on how to reduce the impact of disruptive events and, if they occur, respond to them appropriately so that potential damage is minimized. The Dropbox business continuity management system (BCMS) is part of our overall risk management strategy to protect people and operations during times of crisis.

View the Dropbox Business and Education ISO 22301 certificate.

Cloud Security Alliance: Security, Trust, and Assurance Registry (CSA STAR)

The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that offers a security assurance program for cloud services, thereby helping users assess the security posture of cloud providers they currently use or are considering contracting with.

Dropbox Business and Education have received the CSA STAR Level 2 Certification, a third-party independent assessment of our security controls by EY CertifyPoint based on the requirements of ISO 27001 and the CSA Cloud Controls Matrix (CCM) v.3.0.1, a set of criteria that measures the capability levels of cloud services. Dropbox Business has also completed the CSA STAR Level 1 Self-Assessment, a rigorous survey based on CSA’s Consensus Assessments Initiative Questionnaire (CAIQ), which aligns with the CCM, and provides answers to almost 300 questions a cloud customer or a cloud security auditor may wish to ask.

View our CSA STAR Level 1 Self-Assessment and Level 2 Certification on the CSA website.

  • Note: Dropbox Paper is not included in the scope of the CSA STAR registry listing.

SOC Reports

Service Organization Controls (SOC) Reports, known as SOC 1, SOC 2, or SOC 3, are frameworks established by the American Institute of Certified Public Accountants (AICPA) for reporting on internal controls implemented within an organization. Dropbox has certified its operations, processes, and technology by an independent third-party auditor, Ernst & Young LLP.

  • Note: Dropbox Paper is not included in the scope of the SOC reports.

SOC 3 for Security, Confidentiality, Integrity, Availability, and Privacy

The SOC 3 assurance report covers all five Trust Service Principles of Security, Confidentiality, Integrity, Availability, and Privacy (TSP Section 100). The Dropbox general-use report is an executive summary of the SOC 2 report and includes the independent third-party auditor's opinion on the effective design and operation of our controls.

View the Dropbox Business and Education SOC 3 examination.

SOC 2 for Security, Confidentiality, Integrity, Availability, and Privacy

The SOC 2 report provides customers with a detailed level of controls-based assurance, covering all five Trust Service Principles of Security, Confidentiality, Processing Integrity, Availability, and Privacy (TSP Section 100). The SOC 2 report includes a detailed description of Dropbox processes and the more than 100 controls in place to protect your stuff. In addition to our independent third-party auditor's opinion on the effective design and operation of our controls, the report includes the auditor's test procedures and results for each control. The SOC 2 examination for Dropbox Business and Education is available upon request through the sales team or the account management team.

SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70)

The SOC 1 report provides customers with specific assurance that Dropbox Business or Education serves as a key element of their internal controls over financial reporting (ICFR). This specific assurance is primarily used for customers' Sarbanes-Oxley (SOX) compliance. The external audit is conducted in accordance with SSAE 16 (Statement on Standards for Attestation Engagements No. 16) and ISAE 3402 (International Standard on Assurance Engagements No. 3402). These standards replace SAS 70 (Statement on Auditing Standards No. 70). The SOC 1 examination for Dropbox Business and Education is available upon request through the Dropbox sales team or the account management team.

Students and Children (FERPA and COPPA)

Dropbox Business and Education allow customers to use the services in compliance with the vendor obligations imposed by the US Family Educational Rights and Privacy Act (FERPA). Educational institutions with students under the age of 13 can also use Dropbox Business or Education consistent with the Children's Online Privacy Protection Act (COPPA), provided that they agree to specific contractual provisions requiring the institution to obtain parental consent regarding the use of our services.

UK Digital Marketplace G-Cloud

Dropbox Business is now listed in the United Kingdom (UK) Digital Marketplace for government cloud services procurement.

View our listing on the UK Digital Marketplace website.

  • Note: Dropbox Paper is not included in the scope of the UK Digital Marketplace G-Cloud listing.

HIPAA / HITECH

Dropbox will sign business associate agreements (BAAs) with Dropbox Business and Education customers who require them in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

Learn more by visiting our Getting Started with HIPAA guide and our Help Center article.

Dropbox makes available a third-party assurance report evaluating our controls for the HIPAA/HITECH Security, Privacy, and Breach Notification rules, as well as a mapping of our internal practices and recommendations for customers who are looking to meet the HIPAA/HITECH Security and Privacy rule requirements with Dropbox Business and Education.

Customers who want to request these documents should contact the sales team or the account management team. Team admins of a Dropbox Business or Education account can electronically sign the BAA from the Account page of the admin console.

Notes:

  • If you are a customer covered by HIPAA/HITECH, you must sign a BAA before transferring protected health information (PHI) to your Dropbox account. Contact the Dropbox sales team for more information about purchasing Dropbox Business.

PCI DSS

Dropbox complies with the Payment Card Industry Data Security Standard (PCI DSS). However, Dropbox Business, Education, and Dropbox Paper do not process or store customers' credit card transaction data. Dropbox's Attestation of Compliance (AoC) for its PCI compliance status is available upon request through the sales team or the account management team.

EU-U.S. and Swiss-U.S. Privacy Shield

Dropbox complies with the EU-U.S. Safe Harbor Framework and the Swiss-U.S. Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. Organizations that adhere to the Privacy Shield Principles provide adequate protection for personal data under the EU Data Protection Directive.

View Dropbox's Privacy Shield certification, or learn more on the Privacy Shield website.

EU General Data Protection Regulation (GDPR)

The General Data Protection Regulation 2016/679, or GDPR, is a European Union regulation that significantly changes the existing framework for processing the personal data of individuals residing in the European Union. The GDPR introduces a series of new or enhanced requirements that will apply to companies like Dropbox that process personal data. Effective May 25, 2018, it replaces the current EU Directive 95/46/EC, better known as the Data Protection Directive. Like all companies subject to this regulation, Dropbox is developing and carrying out a detailed GDPR compliance plan and is working toward full compliance before May 25, 2018. Learn more about Dropbox and the EU General Data Protection Regulation.
