We are happy to announce the release of ServiceDesk Plus 9.3, the latest offering from your beloved IT help desk management software! This release comes with exciting new features that are a result of integrating insights from our customers with our years of expertise in the ITSM industry. Let us take you on a tour to help you explore all the amazing new features.
The General Data Protection Regulation (GDPR) is a privacy regulation that aims to protect EU residents' personal data. It came into full effect on May 25, 2018. To this end, the GDPR clearly defines the scope of personal data, which is any data that can be used to identify an individual, either by itself or in conjunction with another piece of data. If an organization collects personal data of EU residents, they'll have to comply with the GDPR no matter where they're located.
In this context, IT service desks also come under the purview of the GDPR, as they collect, store, and process personal data. Some of the personal data that IT service desks deal with on a regular basis include:
Details about technological support provided to customers or staff. For example, information on any assistive technology (e.g. screen readers, speech-to-text technology) used by differently-abled employees.
With two-factor authentication, role-based access, and activity logs, we make sure users meet the necessary security standards.
To put it simply:
Our servers are located in the most secure data centers in the US, UK, EU, CN, IN, AU, and JP. The region in which we host your service data depends on the Zoho domain from which the admin registered the ServiceDesk Plus Cloud account.
The following table lists the Zoho domains and respective hosting locations.
| Zoho domain registration | Data center location |
| --- | --- |
| https://sdpondemand.manageengine.com | US (United States) |
| https://servicedeskplus.uk | UK (United Kingdom) |
| https://sdpondemand.manageengine.eu | EU (European Union) |
| https://sdpondemand.manageengine.in | IN (India) |
| https://servicedeskplus.net.au | AU (Australia) |
| https://servicedeskplus.cn | CN (China) |
| https://servicedeskplus.jp | JP (Japan) |
To find your data center, navigate to Profile > My account, and click the profile icon.
Article 16 of the GDPR: Right to rectification.
Admins can edit all their information except the registered email address, which is the unique identifier for every contact.
Article 32 of the GDPR: Client-specific data is encrypted at rest.
Once the user logs on to ServiceDesk Plus Cloud, sensitive data is protected from unauthorized access, disclosure, or modification. We ensure this by employing many encryption protocols and security methods. Your data is encrypted both during transit and at rest. The server always stores encryption keys and user data in an encrypted format. The administrator can also choose to encrypt custom fields as per relevance. The files you create or attach are saved in the Distributed File System (DFS) and are encrypted by default.
Article 15 of the GDPR: Right of access.
Agents and customers have their own levels of access to personal customer information (such as name, email address, and tickets) and can perform many actions on the data. Admins can export both organization and end user data from the application in CSV or XLSX formats.
Reference:
Article 17 of the GDPR: Users are in full control of what they upload, modify and erase from our ecosystem.
Users can delete all created, uploaded, and edited data inside ServiceDesk Plus Cloud when it's no longer relevant.
When a user or admin deletes a record, it is either removed immediately or moved to the trash, depending on the record type. For example, deleting a custom field permanently removes it, while deleting other fields moves them to Trash. Items in Trash are deleted after 30 days.
Administrators can export service data for every module of ServiceDesk Plus.
Reference: https://help.sdpondemand.com/export-data
System logs are where you can access more historical information on activities done in the application. All information on the key activities done in the application is recorded. The logs can be viewed and exported as CSV and XLS files.
Reference: https://help.sdpondemand.com/view-system-log
When a user deletes personal data in an organization, it is either removed immediately or moved to the trash, depending on its type. For example, a deleted Additional Field can be removed instantaneously, while a deleted Request is first moved to the trash. From the trash, it gets deleted after 30 days or is removed instantaneously if the user manually removes it.
Data is retained in your account for as long as you choose to use ServiceDesk Plus Cloud. Once you terminate your ServiceDesk Plus Cloud account, your data will be deleted from the active database during the next cleanup, which occurs once every six months. The data deleted from the active database will be deleted from backups after three months.
Reference: https://www.zoho.com/compliance.html
ServiceDesk Plus is GDPR-ready to give you a more secure service desk experience.
Mark a data field as PII when adding an additional field to a template so you can easily distinguish PII from other data.
The GDPR grants individuals a number of rights, including the right to be forgotten. That means that users can ask an organization to delete all their data, or anonymize the data if deleting user information conflicts with business processes or violates other regulations. You can now anonymize users' names and completely delete their other PII in ServiceDesk Plus to respect their right to be forgotten under the GDPR.
When a user exits the organization, user data in the Mobile Number and Phone Number fields will be deleted by default. All the PII/ePHI fields that are explicitly marked within the application can be anonymized or erased.
Protecting sensitive data is one of the key aspects of the GDPR. With that in mind, ServiceDesk Plus now allows you to encrypt sensitive information collected and stored from Request Additional Fields. Single line, multi-line, and pick list fields can all be encrypted.
The ServiceDesk Plus backup file is password protected, so it stays protected if anyone tries to open or restore it.
Users that have been deleted from the application can have their information anonymized from the Deleted Users view.
The PII/ePHI log functions as a historical record of all activities around the PII/ePHI fields across the application. Each log on this page contains information on the PII/ePHI field's module, sub-module, the action, and when exactly it occurred. The admin can export the log files in CSV and XLS file formats.
Provide secure access to the data exported from ServiceDesk Plus Cloud by embedding it inside a password-protected ZIP file. Password-protected files help you safeguard your users' personal data per the privacy regulations in place.
The SDAdmin can configure a common password to be used by all users and non-users, and technicians can configure their own login-specific passwords.