Alumni Management: Security, Compliance and Support

by Community Admin in Featured
Published: 11th October 2016

One of the current largest hurdles for large enterprises is bringing new technology into the organization: The requirements of IT and the need to ensure rapid time to value and adherence to the security framework of the organization can slow the process down significantly.

Our solution is designed to be easy and simple – the entire process. That includes preparing and presenting our security documentation, best practices and roadmaps with IT early. By adhering to best practices, this process becomes dependable, transparent and allows the rapid approval of our application into the customer landscape.

Security is at the heart of our business. Alumni Management, designed to serve the global corporate ecosystem, is built atop the SAP Hana Cloud Platform, which maintains its own processes to safeguard data and manage threats. In addition to proprietary platform tools, both the platform and the application follow the best practices and industry standards defined by the Cloud Security Alliance.

  • ISAE3402 and SSAE16 TESTIFIED for International Account Regulation
  • ISO 27001 CERTIFIED for IT Operations of HANA Cloud Platform
  • ISO 22301 CERTIFIED for Business Continuity Management Systems
  • ISO 9001 CERTIFIED for Quality Management of HANA Cloud Platform
  • BS25999 CERTIFIED for High Availability
  • GREEN IT CERTIFIED for Energy Efficiency
  • SOC2 TYPE2
  • In process: EU-US Privacy Shield Framework 

    (All certifications, reports and white papers are available upon request.)

Answers to some common questions we are asked:

Can a company subject to EU data process requirements use the tool?
Yes. We have specific protocols to enable customers to address the EU data protection requirements.

Who owns the Alumni data?
All data created by your organization and your alumni belongs to your organization and is under your control. In addition to the ability to define deletion controls, all data can be manually exported within the administration console or via our API.

What tools are used for application level security?
We use CheckMarx and Fortify for source code review and WebInspect and Nessus for application vulnerabilities. In addition, we utilize a third party vendor to ensure continued compliance, manage our risk understanding, escalation procedures and penetration testing. Security is part of our ongoing process and built into our development lifecycle.

Where are your data centers located?
Our application resides on data centers across Americas, APJ, EMEA and MEE. For specific data center information please see this: HCP Data Centers.

What is your support and SLA model?
When customers buy a cloud solution, one of the most common concerns is having two vendors; one for platform and one for product. We believe, however, that customers are buying a solution and therefore should be able to centralize that support into a single channel for ease of use, rapid resolution and defined escalation procedures.

Existing SAP customers can take advantage of the Collaborative Support Agreement which allows all tickets to be filed within the existing support portal with SAP managing the SLA and determining whether the issue is platform or product. If the situation cannot be resolved by L1 and relates to the application, that ticket is assigned to our team to handle within the same customer interface. This enables customers to follow the problem within a single chain and in the event of a significant issue, join the war room.

Application tickets not deemed to be service outage or service failure follow our general support SLA (a detailed breakdown of our exact response times against the severity of the issue is available on request):
Hours Of Operation: 6 days a week/12 hours a day
Response Time: Within 24 hours or 1 business days

Notes:

We are in the process of developing a security white paper to detail our security measures, investments into best practices and organizational approach to platform and application security.

Prospects and customers are welcome at any time to schedule a meeting with our Chief Security Officer to learn more about any of the information above or answer specific questions.

Find a blog post
Search our Archives: