wegalvanize.com

Your Data

Our service is provided from four regions in order to give our customers options for where their data is stored, and to enable them to comply with data privacy location requirements.

Data storage regions

You can use the HighBond service from anywhere in the world and choose from one of seven data centers to store your data:

North America (US) North America (Canada) Europe (Germany) Asia Pacific (Singapore) Asia Pacific (Australia) South America (Brazil) Africa (South Africa)

Physical data storage

Data is stored and replicated across state-of-the-art data centers operated by Amazon Web Services (AWS). Specifically, data is physically stored in RDS databases on AWS EBS storage blocks attached to dedicated Amazon EC2 server instances.

All equipment at the data centers is fully redundant. AWS data is replicated in real-time to:

  • geographically separated availability zones
  • redundant data centers through the AWS EC2 virtualized system infrastructure
  • the AWS S3 storage pool

Regional data storage

At the beginning of your subscription, you can choose your regional data storage to suit your physical, legal, security, or performance needs based on operational needs. All data is encrypted during transmission and at rest within the regional data storage facility.

Our system is provided from the following regions:

  • North America (US)
  • North America (Canada)
  • Europe (Germany)
  • Asia Pacific (Singapore)
  • Asia Pacific (Australia)
  • South America (Brazil)
  • Africa (South Africa)
  • GovCloud (US Federal)
  • GovCloud (US SLED)

Single-region single-system architecture (US hosted)

When hosted in the United States region, all data and backups are stored and transmitted exclusively within the United States—no exceptions.

Multi-region multi-system architecture (Non-US hosted)

When hosted in Canada, Europe, Asia Pacific, Australia, Africa or South America, all data and backups are stored exclusively within the single region.

Exceptions

All system users that are managed and stored in Launchpad for all regions are stored exclusively in the United States. Only personally identifiable information in your licensed user profiles will be stored exclusively in the United States region, including:

  • First Name
  • Last Name
  • Email Address

For more information, see our Privacy Policy.

Data Retention

The system keeps all active or archived customer data continually when you have an active subscription, unless you choose to delete the data.

You can determine:

  • your own data retention controls for your active system
  • the period for the retention of your data
  • when you want to permanently delete data

System settings include the ability for designated system administrators to configure a time period after which archived project data is automatically and permanently deleted, but also allows the same on an ad hoc manual basis.

The vast majority of customers with active subscriptions rely on us to retain their data. However, you may choose to extract data for your own offline records as a secondary measure for data retention.

Note

As long as your subscription is active, this step is redundant and not necessary. As an example, if you maintain an active subscription for ten years, you will have ten years of data within the system (unless you choose to delete it).

Extracting or backing up data

There are several ways customers (authorized managers or administrators) can extract data at any time:

  • Project reports can be saved to your network in PDF or Excel format.
  • Entire projects can be extracted in a single compressed zip file, containing all system reports, native attachments, and an activity log for the audit trail.
  • The reporting application can be used to extract customer data in a variety of formats, including comma delimited, Excel, Word, or PDF, among other options.

Customers are responsible for ensuring that only appropriate users are accessing their system and are authorized to do so.

We perform backups of customer data for the purpose of restoring data integrity due to systemic or database failure, including field data and attached documents that are stored in your account within the system on an hourly, daily, and weekly basis for a one-year period.

Migrating data from another system

Migrating data from one customer data center to another can be a complex process. Although there is no automated process available, customers can:

  • Hire a Galvanize consultant to perform the migration tasks for their organization
  • Perform the migration themselves by completing the procedure below

Most customers do not migrate in-progress projects. Best practice is to leave in-progress projects in the existing source system and start new projects in the new system.

Note

This task can only be completed by Account Admins or Project Manager Admins.

Steps

  1. Conclude all projects in the current system
  2. Perform a back up and export of the data.
    The data is extracted into a single compressed zip file
  3. Archive the projects in the current system
  4. Create new projects in the new system
  5. Add objectives to each of the projects
  6. Bulk upload risks and controls to each of the projects
  7. Manually copy and paste the remaining information from source data and reports from the current system into the new projects in the new system.

Data privacy

Customer data is considered confidential information and is handled securely by Galvanize personnel. Customer data is never copied to assets outside the production environment, including employee laptops.

Any troubleshooting that needs to be performed on customer data is performed in the customer's environment. When Galvanize personnel need access to a customer environment, a ticket is generated indicating that Support accessed the instance, why the interaction was necessary, and what work was performed.

Actions by Galvanize personnel on a customer's system are limited to resolving the customer needs, and nothing more. Once a customer is satisfied with the result, and the ticket is closed, access is removed.

We collect only the minimum personally identifiable information necessary from your licensed users for purposes of account set-up, access to product resources, and system administration.

For more information, see our Privacy Policy.

Data ownership

Customers own their data 100%, and are responsible for setting retention spans and for deleting unwanted content during the subscribed service and up to 30 days after termination or expiry of their subscription.

Customers have a responsibility to ensure their data is in compliance with applicable policies, regulations, and laws, and Galvanize has the responsibility to ensure customer data is secure.

For more information on the shared responsibility model, see Policies & Processes.