GitHub achieves ISO/IEC 27701:2019, 27018:2019, and CSA STAR certifications

GitHub continues to invest in security, privacy, and compliance as part of our ongoing effort to be the most trusted home for all developers. As a result of that investment, GitHub’s Information Security and Privacy Management System (ISPMS) was assessed against the (PII Processor) and standards. GitHub simultaneously completed the necessary third-party assessment to achieve the . These accomplishments were built upon the foundation of GitHub’s ISO/IEC 27001:2013 compliance .

What is an ISPMS?

An ISPMS is a comprehensive framework designed to safeguard information’s confidentiality, integrity, availability, and privacy. The core emphasis here is on privacy. It demonstrates our commitment to preserving personal information and ensuring its appropriate use within our organization.

Scope of the GitHub ISPMS

The ISPMS applies to several areas:

  • GitHub.com: Fully-integrated platform for developers to write and collaborate on code.
  • GitHub Enterprise Cloud (GHEC): Cloud-hosted solution that enables organizations and teams to safely store and manage their code.
  • GitHub Advanced Security (GHAS): An application security testing solution that is natively embedded in the developer workflow. Automated security checks are run with every pull request, surfacing issues in the context of the development workflow so vulnerabilities are fixed in minutes, not months.
  • GitHub Actions: Continuous integration and continuous delivery (CI/CD) platform that allows developers to automate their build, test, and deployment pipeline.

Within these areas, the ISPMS also covers various features, including:

  • Pull Requests: A method for developers to notify team members of changes they’ve made to a project.
  • Issues: A system for tracking bugs or tasks within a project.
  • Wikis: A space for documenting information about your projects.
  • Pages: A feature to host a website about your project directly from your repository.
  • Packages: A way to distribute software within your team or to the public.

New privacy certifications

The (PII Processor) standard is an extension to the ISO 27001 and ISO 27002 standards and focuses explicitly on privacy information management. The certification means that we have implemented robust measures for the protection of personally identifiable information (PII) within our data processing systems.

is another privacy-specific standard, targeting the protection of personal information in the cloud. It is based on the ISO/IEC information security standard 27002, and contains implementation guidance on ISO/IEC 27002 controls applicable to public cloud PII. This certification further emphasizes our dedication to maintaining strong privacy standards in the cloud computing environment.

New security certification

The leverages the ISO/IEC 27001 standard’s requirements as a baseline and builds upon it with additional requirements from the Cloud Controls Matrix (CCM). The certification requires a rigorous third-party assessment following normal ISO/IEC 27001 protocol and expires after three years.

Compliance at GitHub

GitHub’s certifications are now available for enterprise owners and organization owners to download. Instructions to download the certifications are documented (enterprise) and (organization). The certifications are generally available under “ISO/IEC 27701:2019 (PII Processor), ISO/IEC 27018:2019, and CSA STAR Level 2.” Validation of GitHub’s CSA STAR certification is also reflected on .

ISO 27018, ISO 27701 (PII Processor), and CSA Star Level 2 certifications are exciting milestones that demonstrate our continued investment in security processes, risk management, and operational maturity at GitHub. The ISO 27018, ISO 27701 (PII Processor), and CSA Star Level 2 certifications are the latest additions to GitHub’s compliance portfolio, preceded by , , , and the .

Looking forward

As we strive to remain the trusted platform for developers and your data, we understand the importance of evolving our privacy and security measures. These new ISO certifications are not just accreditations; they represent our unwavering commitment to privacy and security. They are proof that GitHub will continue to evolve to meet international standards for data protection and respect the deeply personal nature of privacy.

Accelerating ISO 27001-based compliance with TISAX

In addition to announcing these new certifications, we are happy to announce that GitHub is beginning the process to participate in the (TISAX), currently in the audit provider selection stage. TISAX is administered by the on behalf of the German Association of the Automotive Industry ( ). Participating in the TISAX program will be a deliberate step for GitHub to better serve more of our enterprise customers in the automotive industry. The TISAX entry on the will be published soon!