ManageEngine Identity360' shared security and privacy responsibilities with customers

Identity360 provides seamless, one-click access to enterprise applications. It drastically reduces the administrative burden by automating provisioning, deproviosioning, and providing a centralized directory to manage identities across various platforms. Identity360 also offers valuable insights on user activities, application usage, access, and more.

As we strive to give you the best cloud experience, your security and privacy is also given the importance it deserves. ManageEngine, as the cloud service provider, and you, as the customer, have various roles to play to ensure data privacy and security. Let's take a look at the individual roles of ManageEngine, customer(you), and the shared responsibilities between ManageEngine and the customer to understand how this works.

Customer's responsibility

Permissions given to users
Setting strong passwords

ManageEngine's responsibilities

Availability of services
Application level controls
Data storage
Data security
24*5 technical support
Disaster recovery
Reporting any breach incidents

Shared responsibility

Data management
Encryption
Awareness and training
Policy and compliance

Shared responsibility

The following responsibilities require the combined efforts of both ManageEngine and the customers.

Data management

ManageEngine provides you with:

Ability to set privileges for modules to prevent one user from accessing other user data based on privileges.

Customer's responsibilities:

Report incidents of data breach to ManageEngine immediately.
Notify your users and data protection authorities in case of any breach.
Check the legal requirements for adding and processing data using our system.
Assign appropriate privileges for those handling your data.
Periodically review your users' access permissions.

Encryption

ManageEngine's responsibilities:

Encryption of PII at rest and in transit.

Customer's responsibilities:

Enable disk encryption on your devices.

Awareness and training

ManageEngine's responsibilities:

Educate our employees about data-handling requests from the customers.
If required, access a customer's data and log it for support purposes with the customer's approval.
Regularly conduct security and privacy training for all employees to ensure they adhere to our security and privacy standards.

Customer's responsibilities:

Educate your users on the risks related to a cloud environment, as well as standards and procedures for the use of our services.

Policy and compliance

ManageEngine's responsibilities:

Adhere to policies and laws like GDPR, CCPA, and more depending on the region to ensure our customer data is handled appropriately.
Review privacy policies and terms of service for third-party integrations and carries out operations.
Securely migrate data from one region to another while following necessary guidelines for that region.

Customer's responsibilities:

Enable or disable third-party integrations after reviewing what data will be shared with them.
Review the terms and privacy policies of how your data would be stored, handled, and used in third-party apps.
Evaluate all regulations and laws that are applicable to you and review our compliance with regulations and standards that are needed for your business.
Before processing personal data, assess your lawful basis. If your lawful basis is consent, get the consent of your customers as well.