Zeitworks abides by and maintains the highest security standards and practices, including SOC 2 Type II security compliance. However, because the data the Zeitworks sensor collects can contain personally identifiable information (PII) or sensitive corporate information, the Zeitworks platform supports several configuration options that determine how sensitive data is processed, redacted and stored. Zeitworks customers in different industries and of different sizes may prefer one option over the others depending on the rules, regulations, best practices, or preferences of their IT and SecOps teams.
The 3 main configuration options are described below:
In this default configuration, all data is pushed to the Zeitworks data processing cloud over a secure connection. Upon arrival, the data is stored encrypted at rest. The first of the subsequent data processing steps is sensitive data redaction. Standard sensitive data types (names, addresses, SSN, credit card numbers, etc.) are identified and removed from the data (this information is NOT needed by downstream data processing and analysis steps). The Zeitworks redaction system can also be customized on a per-customer basis, taking into account any non-standard sensitive data types a particular customer may have in their business process workflows.
This option is ideal for Zeitworks customers who lack sensitive data in their business process workflows, or as an initial configuration for short-term POC trial engagements (longer-term engagements can use one of the options below).
In this configuration, screenshots are not uploaded to Zeitworks' cloud. Instead, they are sent to a storage location owned and operated by the customer, but still accessible on demand by Zeitworks HITL (human-in-the-loop) annotators and tools, on an image-by-image basis. HITL annotators typically need to access a small percentage of screenshot images during customer and process onboarding. Once a process has been thoroughly analyzed and labeled, this data can be deleted by the customer, and subsequent continuous analysis can be done using the textual event data.
In this configuration, the Zeitworks redaction server technology can be moved and run in the customer's cloud or on-premises compute resources instead of in the Zeitworks cloud. This ensures that (virtually) no sensitive data the Zeitworks sensor collects leaves the customer's perimeter or network. Instead, all data (text logs and screenshots), once collected by the sensor, is sent to the internal redaction server for desensitizing before it is sent on to the Zeitworks cloud for further processing.
In addition to these main options, other variations are possible. If you have any additional questions, please contact us at security@zeitworks.com.