In early October, the Court of Justice of the European Union (CJEU) struck down the 15-year-old Safe Harbor agreement — the most common way to legally transfer data between Europe and the U.S. — after determining the agreement was not sufficient to ensure the protection of Europeans' personal data. The U.S. and EU have since been working on a new Safe Harbor agreement, but there's no telling how long a conclusion may take.
The Safe Harbor news comes as data security concerns are on the rise, and in this time of uncertainty, we want to assuage any doubts about the safety of Cornerstone clients' data. Despite the Safe Harbor ruling, our European clients have no reason to be concerned. Our team was well prepared for the potential decision against Safe Harbor, and had previously taken every necessary step to ensure your information is safe with us — as always.
The Safe Harbor agreement was known as the most common way to safely transfer personal data to the US, but it was not the only legal transfer mechanism available. As such, the CJEU ruling does not impact Cornerstone's ability to operate in Europe or continue serving our international clients.
In fact, we can continue operating as before: EU data is stored in the U.K., and only accessed from the U.S. on an as-needed basis. In lieu of Safe Harbor, all data transfers will be fully protected under EU Model Clauses — a simple, easy-to-deploy solution. (You can find the Model Clauses on our website here.)
In addition to the Model Clauses, Cornerstone implements a multi-layer approach to security and constantly monitors our system to guarantee our clients' sensitive workforce data is safe.
A Higher Level of Security
As the leading unified talent management software company to operate in the cloud and offer its products solely via SaaS, data security has always been part of our DNA — not just an afterthought. We have a state-of-the-art multi-tenant, multi-database architecture that meets the highest compliance and uptime standards. With clients across industries, our infrastructure has also been audited and certified to meet the most rigorous compliance requirements.
Our processes are aligned with EU regulations, including the ISO 27001 certification, and even when Safe Harbor was in place, Cornerstone was providing a higher level of protection than that assured by the now-defunct agreement.
Physical and Virtual Protection
The Cornerstone infrastructure is protected on the ground and in the cloud. We have four secure data centers — two in North America and two in Europe, each with 24-hour manned security, biometric hand scanners, video surveillance, motion detectors and alarms. Access is restricted to select personnel, and non-Cornerstone visitors must be escorted at all times.
In addition, all data in our application is encrypted in transit. On the user end, unique usernames and passwords are required to access the application, with single sign-on support — requiring all clients to be authenticated. Last but not least, the information available to users is entirely rights- and role-driven; users only see what they have permission to see.
A Dedicated Team
We have a world-class IT Security and Compliance team (that averages 10+ years of direct security experience) dedicated to maintaining and developing our infrastructure. Our culture of continuous improvement includes both product and employee development — we consistently update our infrastructure with the latest technology, and our team members strive to achieve the highest level of industry expertise. All team members hold one or more professional security or compliance certifications.
We are committed to providing a reliable and secure system to our clients, and will continue to diligently follow the development of international data transfer laws. The security and privacy of our clients' data remains our top priority.
Respect for Sovereignty
Finally, we want to make it clear that, as a global business, we have utmost respect for data sovereignty. While data may be accessed if needed from anywhere (this is, of course, how we are able to support our many global clients), data is never copied outside of the jurisdiction of the data center. This is an important point and it is precisely why we support disaster recovery at our data centers in both England and the US. Even backup tapes are fully encrypted before leaving the data center and are secured at Iron Mountain facilities in the respective countries.
If you want to learn more about Cornerstone's data protection policy and practices, please visit our website, and don't hesitate to reach out to your account manager with any questions.