File Transfers Remain Compliant with Security Standards
GDPR, GxP, PCI DSS and HIPAA compliant file sharing can be maintained with cloud managed file transfer (MFT) solutions that have several key security features, including
- Encryption in transit and at rest
- Role-based access controls
- Multi-level retention policies
- Audit and logging
GDPR
If your business processes personal data of any EU citizens or residents, you must comply with General Data Protection Regulation (GDPR). By securing data in transit and at rest, Thru can help your business remain compliant.
GDPR compliance information »
Thru GDPR Compliance Policy »
GxP
GxP refers to general “good practices” in regard to quality guidelines and regulations, with the “x” standing for various fields or industries. Thru has core features that enable compliance to GxP and FDA 21 CFR Part 11. Key functionality for creating, storing and managing GxP-regulated files includes granular audit, role-based access controls, end-to-end encryption (E2EE) and antivirus scanning.
GxP and FDA 21 CFR Part 11 compliance information »
Thru GxP Compliance Policy »
HIPAA
Health Insurance Portability and Accountability Act (HIPAA) was put in place in 1996 to protect patients’ protected health information (PHI). Any company that has access to PHI must achieve and maintain HIPAA compliance. Thru’s tracking and monitoring capabilities can help maintain compliance.
HIPAA compliance information »
Thru HIPAA Compliance Policy »
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that protects debit and credit cardholders from fraud. Several features of MFT solutions, such as encryption in transit and at rest, antivirus scanning, role-based access controls and tracking, help companies achieve compliance.
How MFT Helps with PCI Compliance »
Data Center Certification
Thru runs in certified Microsoft Azure data centers in the United States, United Kingdom, Germany and Australia. Azure data centers are compliant with the following security standards:
- SSAE 18 / ISAE 3402 (previously SAS 70)
- SOC 3 SysTrust
- ISO 27001
- PCI Level 1 Service Provider Certified
- Tier III Standards Compliant
Third-Party Security Assessments & Certificates
Thru has been assessed by third-party vendors and complete results reports are available upon request:
- Cybersecurity Rating by SecurityScorecard »
- Security Rating by Bitsight Technologies »
- CyberVadis Cybersecurity and Data Privacy Performance »
- Cyber Essentials Certification »
Audit & Logging
An administrator can easily produce an audit trail for all files that pass through our secure file transfer solution. Thru’s MFT solution records granular details of secure file transfer activity, user actions, metadata and any changes to records in the system. These logs can be viewed in dashboards, manually downloaded or consumed over APIs.
Retention Policies
Thru supports multiple levels of data retention, allowing organizations to clear processed files either by purging or archiving after a specified period in accordance with corporate policies and industry or government regulations.
Service Level Agreement (SLA)
Thru continues to work diligently to ensure our hardware and technology is the most reliable in our industry. By focusing on infrastructure and reliability, Thru provides a standard SLA of 99.9%.
SLA for managed file transfer »
Thru Service Level Agreement (SLA) »
Business Continuity
Thru has an up-to-date business continuity plan. Annual business continuity tests and exercises ensure response teams understand their roles and responsibilities. Compliance is demonstrated through a formal governance process.
Thru Business Continuity Plan »
Corporate Privacy Policy
For information about Thru’s corporate privacy and compliance:
Thru Privacy Policy »
Secure File Transfer Overview
Besides helping your company remain compliant, Thru has strong security measures in place to protect files, provide strong authentication and prevent business disruption.
