03-09-2015 2:45 PM
I am looking for information on an "data breach notification process" for SAP HCP.
If anyone knows about an official SAP policy document that addreses this aspect please let me know.
Thanks, Randolf
03-10-2015 12:07 AM
Hi Randolf,
Unless you are referring to policy internal to SAP, data breach notification is generally technology agnostic and will vary based on local regulation.
In the UK we have guidance from the Information Commissioners Office which can be used to formulate detailed policy that fits your organisation/clients requirements: https://ico.org.uk/media/for-organisations/documents/1562/guidance_on_data_security_breach_managemen...
Cheers,
03-10-2015 12:14 AM
I guess Randolf is asking if SAP has it's own guideline how it's going to respond to data breach on HCP platform. I guess that's what potential customers of HCP are asking for. Obviously, SAP must comply with local regulations but it can get pretty complex really quickly. What if customers are in US as well as in EU and so on.
Cheers
03-10-2015 12:26 AM
Good point Martin, I guess you are more awake in your time zone than I am
03-10-2015 10:39 AM
ThanksMartin, this is exactely what I am lookin for. I need a description how SAP handles the communication of violation issues to effected customers. This is typically outlined in a policiy document which can be provided to customers.
03-10-2015 9:35 PM
03-10-2015 9:37 PM
I would like to see that document as well but I could not find it. The only maybe relevant thing that I found is a note about various certifications for HCP. I am not sure if any of these standards addresses data breach disclosure.
Cheers
03-11-2015 11:36 AM
03-11-2015 8:59 AM
Yes, I was going to comment that there is a SAP logo right next to your name but I let it go. SAP is a big company and it already happened to me that SAP employees asked me over some technical details of SAP solution.
Cheers