
Carbonite Certifications

  • This article is for Windows and Mac

Summary:

Below is a list of Carbonite's certifications and its compliance with various financial and privacy-related protocols and standards.

Solution:

Standards/Regulations and Applicable Information

SOC 2, Type 2

Service Organization Controls. The teams supporting Carbonite’s service offering are audited annually by a third-party firm to ensure the security, confidentiality and availability of the product and your data. If you require a copy of our SOC 2 audit form, please contact Carbonite Customer Care.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States legislation that provides data privacy and security provisions for safeguarding medical information. Carbonite operates internal controls to support HIPAA and requires healthcare customers to execute a Business Associate Agreement (BAA). To execute our BAA, please contact Carb-CSA@opentext.com.

  • To execute a Business Associate Agreement, you must have a Carbonite Safe Pro subscription.

GLBA

Carbonite is happy to assist customers who may need to comply with the information security guidelines under GLBA. Please note that we can only assist with applicable requirements based on our role as a service provider:

  • Carbonite has an information security program and dedicated team. We use a SIEM monitoring tool that provides visibility into anomalous events occurring within the enterprise, and we perform regular penetration testing and vulnerability scanning.
  • We give customers the ability to limit access to authorized individuals, based on their settings.
  • We encrypt all customer information in transit and at rest using TLS and AES encryption.
  • Our backup technology allows for cloud backup to protect files from common forms of data loss.
  • Carbonite complies with privacy and consumer rights, such as those under GDPR.

As customers are responsible for their own compliance, we encourage customers to confer with their own legal counsel to ensure they are meeting all necessary business requirements.

FINRA

Carbonite is committed to ensuring the confidentiality, security, and privacy of all our customers' data. Carbonite has a robust cybersecurity framework that operates under audited controls related to SOC 2, HIPAA, GDPR, SOX, and 201 CMR 17.00. Although we do not have a program around FINRA requirements, we are happy to work with financial customers who are looking to protect their data.

  • We encrypt all customer information in transit and at rest using TLS and AES encryption.
  • We give customers the ability to limit access to authorized individuals, based on their settings.
  • Carbonite complies with privacy and consumer rights, such as those under GDPR.

As customers are responsible for maintaining their own compliance, we encourage customers to confer with their own legal counsel to ensure they are meeting all necessary business requirements. Please contact Carbonite Customer Care for more information.

FERPA

Carbonite assists your compliance with FERPA’s data privacy requirements by encrypting all user data using 128- or 256-bit encryption and transmitting all user data to one of our state-of-the-art data centers or AWS/Google using Transport Layer Security (TLS) technology. Other security controls are encompassed in the SOC 2 assessment.

Massachusetts Data Security Regulation 201 CMR 17.00

Carbonite policies and practices are designed to comply with the Massachusetts Data Security Regulation.

All other compliance inquiries

Please contact Carbonite Customer Care.
