H3 Solutions Gives Customers Confidence in Cloud Services by Conducting Privacy Impact Assessments with the AvePoint Privacy Impact Assessment (APIA) System
- Simplified process and setup for Privacy Impact Assessments (PIAs) of its cloud environment
- Easy review and workflow for relevant stakeholders
- Reduced chance of human error throughout PIA process via automatio
- Customer Location Manassas, VA
- Industry Technology
- Platform SharePoint Online
- AvePoint SolutionsCompliance Guardian Platform
- Set up automated Privacy Impact Assessment (PIA) process for its cloud environment within two weeks, saving a significant amount of time that would be required to carry out PIAs manually
- Eliminated the possibility of human error throughout PIA process through automation and ensured all relevant stakeholders across the organization were involved using workflows and email reminders
- Furnished reports for customers proving that cloud services do not access or store personal data, complying with privacy regulations
APIA gives us the necessary validation to assure our customers that their data is safe when using our cloud service.
Initially founded as a provider of services for on-premises deployments of Microsoft SharePoint, H3 Solutions recently released its first cloud-based service with Mobile Entrée 365. Mobile Entrée 365 provides Office 365 users tools for a rich SharePoint online mobility experience. The tool, which is made available through the Office Store, offers users immediate and intuitive access to content that SharePoint alone does not account for on mobile devices.
With H3 Solutions’ previous products, customers installed the services in their own on-premises environments. Because of this, it was up to the customers themselves to perform Privacy Impact Assessments (PIAs) on their own systems to evaluate and report on any privacy implications. However, since Mobile Entrée is hosted in the cloud, H3 Solutions needed a way to ensure customers that the company would not be accessing any sensitive customer data when the service was implemented. “When organizations utilize the cloud for their business data, they want assurance that any sensitive data that goes through those services is protected,” said Joe Herres, H3 Solutions EVP of Product and Services. “We needed a way to easily prove to customers that though our product could render sensitive data in their SharePoint environment on mobile devices, we are not accessing or storing any of that information on our own servers.”
With this in mind, H3 Solutions began to investigate PIA solutions. “We’re not experts in the area of privacy, so we needed a solution that could reduce the amount of research and manual work typically inherent in PIAs by providing us with guidance and automation,” Herres said. “The amount of time and effort required without using a technology solution would have been prohibitive for us and potentially made it so we couldn’t carry out PIAs for our customers.”
The AvePoint Solution
H3 Solutions chose to implement the AvePoint Privacy Impact Assessment (APIA) system for its PIA needs. Exclusively available through the International Association of Privacy Professionals (IAPP), APIA mitigates the risk inherent with manual privacy impact assessments, helping organizations understand and automate the process of evaluating, assessing, and reporting on the privacy implications of their enterprise IT systems. “I have a background in the IT compliance industry, so I have worked with the IAPP in the past and have known AvePoint for a long time,” said Lisa Ruff, Mobile Entrée Business Development Manager. “When we learned APIA was available, we knew the technology could help us automate the process of conducting PIAs for our cloud service.”
APIA allows users to select questions from a prepopulated bank of PIA questions or create their own, meaning they can build and save PIA templates to be reused and reported out. Ruff was able to set up the PIA process using a combination of questions available through APIA as well as the company’s own customized questions. Within two weeks, H3 Solutions created a PIA process through APIA that consisted of approximately 30 privacy and security questions that would ensure customers that privacy regulations were met with Mobile Entrée 365. “The questions available in APIA were very relevant and gave us a great framework to start our PIA process,” Ruff said. “We can report on the questions to our customers and give them confidence through the third-party validation APIA provides that we are not accessing or collecting any sensitive data, such as Personally Identifiable Information.”
Ruff also appreciated APIA’s built-in workflows and ability to automatically generate organization-specific PIA reports to distribute to key stakeholders throughout H3 Solutions for review. The relevant stakeholders at H3 Solutions include developers, product managers, and business development managers. “As a company that is task-oriented, APIA’s workflow capabilities and automation of the stakeholder review process is very helpful,” Ruff said. “The system’s ability to send email reminders to stakeholders is also valuable as it helps ease the process of ensuring all aspects of PIAs are completed.”
In addition to time savings, APIA’s ability to automate PIAs also helped H3 Solutions reduce the risk of human error inherent with manual processes. “APIA gives us peace of mind that all aspects of our PIAs are carried out fully and that everything is tracked and coordinated through one system,” Ruff said.
The Bottom Line
Using APIA, H3 Solutions was able to turn the often complex and labor-intensive task of conducting PIAs into an automated, streamlined process that involved all relevant stakeholders throughout the organization. The reports delivered through APIA help the company report on how information is handled by its cloud-based service and prove that all actions comply with global privacy legislations. “With the amount of research and manual work required by PIAs, we may not have been able to provide this information to our customers without APIA,” Herres said. “APIA gives us the necessary validation to assure our customers that their data is safe when using our cloud service.”
About H3 Solutions
A Microsoft Gold Certified Partner, H3 Solutions provides products and services for clients in both the public and private sectors. They are best known for Mobile Entrée, the mobile platform for Microsoft SharePoint. To learn more, visit www.mobileentree.com.