
Data Security Compliance with NPC Circular 2023-06

Thales can help organizations in the Philippines protect personal data and comply with the guidelines with a Data-centric Security approach.

National Privacy Commission (NPC) Circular 2023-06

APAC

On April 1, 2024, the National Privacy Commission (NPC) issued Circular 2023-06 to strengthen personal data protection in the Philippines by governing the security of personal data in the government and private sector. The NPC Circular 2023-06 for the Security of Personal Data in the Government and Private Sector provides updated requirements for the security of personal data.

As one of the leaders in data security, Thales enables organizations to comply with key sections of this circular by recommending the appropriate data security and identity management technologies.


Regulation Overview

The NPC Circular 2023-06 for the Security of Personal Data in the Government and Private Sector provides updated requirements for the security of personal data processed by a personal information controller (PIC) or a personal information processor (PIP). The Circular also sets provisions on the storage of personal data, ensuring data subjects’ information is stored for the necessary duration and protected through industry standards and best practices.

Additionally, the Circular outlines stringent provisions for access to personal data, specifying procedures for authorized personnel, acceptable use policies, secure authentication mechanisms, and measures for remote disconnection or deletion of data on mobile devices, among others.

Penalties

Violating the Circular may result in the issuance by the NPC of compliance and enforcement orders, cease and desist orders, temporary or permanent ban on the processing of personal data, or payment of fines against the PIC or PIP. In addition, failure to comply with the Circular may result in criminal, civil and administrative liabilities and disciplinary sanctions against any erring officer or employee of the PIC or PIP. There is a transitory period of 12 months from the effectivity of the Circular or until 30 March 2025 to comply with the foregoing requirements.

Thales helps organizations comply with Circular 2023-06 by addressing some of the sections on Privacy Impact Assessment (PIA), Control Framework for Data Protection, Privacy-By-Design and Privacy-By-Default, Storage, Access and Disposal of Personal Data.

NPC Circular 2023-06 | Thales Solutions

2.1 Data Classification

SECTION 5. Privacy Impact Assessment (PIA) - a data inventory

A crucial step is understanding what constitutes sensitive data, where and how it is stored, and who can access it, and introducing data activity monitoring.

CipherTrust Data Discovery & Classification discovers and classifies data in all the data stores in an organization’s data estate, from structured to semi-structured to unstructured across on-premises, hybrid, cloud, and multi-cloud environments. This visibility enables organizations to build a robust data privacy and security foundation.

Imperva Data Security Fabric Data Activity Monitoring (DAM) is a comprehensive solution that not only classifies and discovers valuable data but also provides proactive controls, predictive analytics, and security assessments, enabling centralized command across file stores, assets, and multiple clouds.

  • Imperva Data Security Fabric (DSF) improves data governance by identifying sensitive data, enabling better understanding, workflow management, and compliance reporting by mapping file and database servers.
  • Imperva Data Security Fabric Data Risk Analytics (DRA) monitors and analyzes data access by database and privileged user accounts, detecting compliance or security policy violations. It provides real-time alerts, user access blocking, and cost-effective data retention for audits.

SECTION 6. Control Framework for Data Protection

Imperva Data Security Fabric Data Activity Monitoring (DAM) is a continuous monitoring system that provides detailed audit trails for various data storage platforms, including relational databases, NoSQL databases, mainframes, big data platforms, and data warehouses, and automatically captures detailed data activity for auditing purposes.

RULE II: EMBEDDING PRIVACY-BY-DESIGN AND PRIVACY-BY-DEFAULT


SECTION 7. Privacy-By-Design and Privacy-By-Default

Organizations can secure sensitive data privacy by design with Thales Tokenization and Transparent Encryption. CipherTrust Tokenization permits the pseudonymization of sensitive information in databases while maintaining the ability to analyze aggregate data without exposing sensitive data during the analysis or in reports.

CipherTrust Transparent Encryption encrypts sensitive data and enforces granular privileged-user-access management policies, providing a separation of roles. Organizations can add Multi-Factor Authentication (MFA) for additional protection, limiting privileged users' access.

RULE III. STORAGE OF PERSONAL DATA


SECTION 10. Service Provider as Personal Information Processor

SECTION 11. Protection of Personal Data.

CipherTrust Data Security Platform offers various data protection features, including Transparent Encryption at the file system layer, ransomware protection using real-time behavior monitoring, database protection with key management, and application layer libraries for C and Java. It also provides a gateway for encryption without modifying application code.

Organizations can further protect sensitive data by masking it with the CipherTrust Data Security Platform, through the following:

  • CipherTrust Tokenization offers various data security features like file-level encryption, application-layer encryption, database encryption, static data masking, vaultless tokenization, policy-based dynamic data masking, and vaulted tokenization.
  • CipherTrust Transparent Encryption secures sensitive data by enforcing granular privileged-user-access management policies, ensuring only authorized users and processes can view unencrypted data, and preventing unauthorized access to third-party cloud storage without valid reasons.
  • CipherTrust Enterprise Key Management enhances key management in cloud and enterprise environments, ensuring high security and centralization for home-grown encryption and third-party applications using FIPS 140-2-compliant appliances.
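The Section 7 text above describes pseudonymizing identifiers with tokenization while keeping aggregate analysis possible, and the list above distinguishes vaultless from vaulted tokenization. The following is an added illustration of both ideas in plain Python; it is not code from Thales or from the CipherTrust products, and the record set, field names and token format are constructed for the example. Vaultless tokens are derived with HMAC-SHA256 under a secret key (deterministic, so joins and GROUP BY still work, and one-way, so tokens alone do not reveal the value); vaulted tokens are random values whose mapping back to the original lives only in a separately held vault.

```python
import hmac
import hashlib
import secrets
from collections import Counter

# Constructed sample records (not real data): a customer table with a direct
# identifier (email) that must be pseudonymized, and a value we still want
# to aggregate per customer.
RECORDS = [
    {"email": "ana@example.ph", "city": "Manila", "spend": 120},
    {"email": "ben@example.ph", "city": "Cebu", "spend": 80},
    {"email": "ana@example.ph", "city": "Manila", "spend": 40},
    {"email": "cat@example.ph", "city": "Manila", "spend": 200},
]


class VaultlessTokenizer:
    """Deterministic, one-way tokens: HMAC-SHA256 of the value under a secret key.

    Equal inputs give equal tokens, so counts, sums and joins computed over
    the tokenized data match those over the raw data. HMAC is not reversible,
    so a dataset containing only tokens does not expose the identifiers; the
    key must be kept apart from the data and access-controlled.
    """

    def __init__(self, key):
        self.key = key

    def tokenize(self, value):
        mac = hmac.new(self.key, value.encode("utf-8"), hashlib.sha256).digest()
        return "tok_" + mac[:12].hex()  # hypothetical token format


class VaultedTokenizer:
    """Random tokens plus a vault mapping token -> original value.

    Tokens carry no information about the value at all. Authorized
    re-identification is a vault lookup, so the vault is the asset to
    protect and to store separately from the tokenized dataset.
    """

    def __init__(self):
        self._vault = {}    # token -> value
        self._reverse = {}  # value -> token, keeps tokens consistent per value

    def tokenize(self, value):
        if value in self._reverse:
            return self._reverse[value]
        token = "tok_" + secrets.token_hex(12)
        self._vault[token] = value
        self._reverse[value] = token
        return token

    def detokenize(self, token):
        return self._vault[token]  # KeyError for tokens not issued by this vault


def pseudonymize(records, tokenizer, fields):
    """Return a copy of the records with the named fields replaced by tokens."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in fields:
            copy[field] = tokenizer.tokenize(rec[field])
        out.append(copy)
    return out


def spend_by_customer(records):
    """Aggregate analysis that runs unchanged on raw or pseudonymized data."""
    totals = Counter()
    for rec in records:
        totals[rec["email"]] += rec["spend"]
    return dict(totals)


def demo():
    """Tokenize the identifiers, then show the aggregate survives tokenization."""
    key = secrets.token_bytes(32)  # in practice held by a key manager, not the app
    tokenizer = VaultlessTokenizer(key)
    pseud = pseudonymize(RECORDS, tokenizer, ["email"])
    raw_totals = spend_by_customer(RECORDS)
    tok_totals = spend_by_customer(pseud)
    # Same distribution of totals, but keyed by tokens instead of emails.
    return sorted(raw_totals.values()) == sorted(tok_totals.values()), pseud


if __name__ == "__main__":
    same, pseud = demo()
    print("aggregates preserved:", same)
    for row in pseud:
        print(row)
```

The design point is the trade-off between the two modes: vaultless tokens need no lookup store but require the key to be managed and rotated with care, while vaulted tokens leak nothing even if the key is lost but make the vault a high-value target that needs its own access controls and audit trail.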

RULE IV. ACCESS TO PERSONAL DATA


SECTION 12. Access to or Modification of Databases.

SECTION 13. Restricted Access.

SECTION 16. Online Access to Personal Data.

Imperva Data Security Fabric Data Risk Analytics monitors data access and activity for all databases, providing visibility to identify risky data access for all users, including privileged users. It delivers real-time alerting and user access blocking of policy violations, while retaining years of data for audits.

CipherTrust Transparent Encryption (CTE) controls access to restricted information by encrypting sensitive data and enforcing granular privileged-user-access management policies.

Thales Identity and Access Management Solutions limit access based on roles and context, while Thales SafeNet Trusted Access manages access to cloud services and enterprise applications.

RULE VII. GUIDELINES FOR DISPOSAL OF PERSONAL DATA


SECTION 28. Disposal and Destruction of Personal Data.

SECTION 29. Logs Retention.

SECTION 30. Procedures for Disposal and Destruction.

SECTION 31. Personal Data Disposal Service Provider.

CipherTrust Transparent Encryption (CTE) and CipherTrust Tokenization offer a "crypto-shred" function that destroys the encryption key for the encrypted data and ensures that the information cannot be restored.

CipherTrust Enterprise Key Management streamlines and strengthens key management in cloud and enterprise environments, ensuring secure asset disposal and effective deletion of encrypted information using FIPS 140-2-compliant virtual or hardware appliances.
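The two paragraphs above describe crypto-shredding: personal data is encrypted under a key held in a key manager, and disposal is carried out by destroying that key, after which the ciphertext is unrecoverable. The following is an added illustration of that mechanism and is not code from Thales or from CipherTrust. It uses only the Python standard library, so the cipher is a demonstration keystream built from HMAC-SHA256 in counter mode with an HMAC tag for integrity (a stand-in for a real AEAD such as AES-GCM, not a production cipher); the key store, record layout and disposal log are constructed for the example. The disposal log is kept after the key is gone, which is the part Section 29 (logs retention) cares about.

```python
import hmac
import hashlib
import secrets
from datetime import datetime, timezone


def _keystream(key, nonce, length):
    """Demonstration keystream: HMAC-SHA256(key, nonce || counter), concatenated.

    Stands in for a real cipher so the example runs offline; NOT for production.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


class KeyStore:
    """Stand-in for an external key manager (constructed for the example).

    Keys live here; ciphertext lives elsewhere (database, files, backups).
    Shredding a key is the only operation needed to dispose of every copy of
    the data encrypted under it, including copies the application cannot reach.
    """

    def __init__(self):
        self._keys = {}
        self.disposal_log = []  # survives shredding, for audit and retention

    def create(self):
        key_id = "key_" + secrets.token_hex(8)
        self._keys[key_id] = secrets.token_bytes(32)
        return key_id

    def get(self, key_id):
        return self._keys[key_id]  # KeyError once the key has been shredded

    def shred(self, key_id, reason):
        """Destroy the key and record the disposal event."""
        del self._keys[key_id]
        self.disposal_log.append({
            "key_id": key_id,
            "action": "crypto-shred",
            "reason": reason,
            "at": datetime.now(timezone.utc).isoformat(),
        })


def encrypt_record(store, key_id, plaintext):
    """Encrypt-then-MAC a record under the named key; returns the stored form."""
    key = store.get(key_id)
    nonce = secrets.token_bytes(16)
    body = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return {"key_id": key_id, "nonce": nonce, "body": body, "tag": tag}


def decrypt_record(store, record):
    """Verify integrity, then decrypt. Fails with KeyError after a crypto-shred."""
    key = store.get(record["key_id"])
    expected = hmac.new(key, record["nonce"] + record["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("record tampered or wrong key")
    return _xor(record["body"], _keystream(key, record["nonce"], len(record["body"])))


def is_recoverable(store, record):
    """True while the key exists; False once it has been shredded."""
    try:
        decrypt_record(store, record)
        return True
    except KeyError:
        return False


def demo():
    store = KeyStore()
    key_id = store.create()  # one key per data subject makes per-subject disposal possible
    # Constructed personal data record, not real data
    record = encrypt_record(store, key_id, b"name=Ana Cruz;tin=000-000-000")
    before = decrypt_record(store, record)
    store.shred(key_id, reason="retention period expired (Section 28)")
    after = is_recoverable(store, record)  # the ciphertext is still on disk, but dead
    return before, after, store.disposal_log


if __name__ == "__main__":
    before, after, log = demo()
    print("readable before shred:", before)
    print("recoverable after shred:", after)
    print("disposal log:", log)
```

Two practical consequences follow from the structure: key granularity decides what a single shred disposes of (one key per data subject allows per-subject erasure, one key per table does not), and backups of the key store must be destroyed or rotated along with the live key, since a recoverable old key undoes the shred.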

RULE VIII. MISCELLANEOUS PROVISIONS


SECTION 32. Threat monitoring and vulnerability management.

Threat monitoring is one crucial capability for organizations to prevent, detect, and respond to a cyberattack. Imperva Data Security Fabric and Thales CipherTrust Transparent Encryption Ransomware Protection can help organizations address this challenge.

Imperva Data Security Fabric Data Risk Analytics monitors data access and activity for all databases, providing visibility to identify risky data access for all users. It combines deep domain security expertise with machine learning to identify suspicious behaviors violating security policies. CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity, alerting or blocking malicious activity before ransomware can take hold.

Recommended Resources

Addressing the requirements of NPC Circular 2023-06 for the Security of Personal Data in the Philippines - Compliance Brief


The National Privacy Commission (NPC) introduces circulars to provide organizations with guidance on complying with the Data Privacy Act of 2012 in the Philippines, its implementing rules and regulations, and other NPC issuances. On April 1, 2024, the NPC issued Circular 2023...

Data Security Compliance and Regulations - eBook


This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

The Key Pillars for Protecting Sensitive Data in Any Organization - White Paper


Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. However, with today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and...

Other key data protection and security regulations

GDPR

Regulation
Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.

PCI DSS

Mandate
Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Regulation
Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.