Cisco is proud to announce that Webex by Cisco (Webex) – comprising Webex Meetings, Webex Messaging, and Webex Calling – is the first collaboration and conferencing solution to achieve Level 3 adherence with the EU Cloud Code of Conduct (EU Cloud CoC).
The EU Cloud CoC is a comprehensive, transnationally verifiable assurance framework for cloud service providers to demonstrate EU General Data Protection Regulation (GDPR) compliance, including transparency, accountability, data minimization, data breach notification, and lawful data processing. In addition, the EU Cloud CoC provides significant protections for individuals whose personal data is stored and processed in the cloud by setting clear expectations on how their personal data will be processed, for what purposes, and by whom. This commitment to transparency and accountability empowers individuals and enhances their control over their personal data.
Webex underwent an independent third-party assessment and audit that verified all code controls, which was also validated by SCOPE Europe, the monitoring body for the EU Cloud CoC. Having this “two-gate-check” approach to Level 3 adherence further promotes trust by double-confirming compliance.
In 2021, Cisco made a public commitment to incorporate the EU Cloud CoC controls into our solutions by design. We operationalized these controls into the Cisco Cloud Controls Framework (CCF). Cisco’s CCF uses a “build-once-use-many” approach for compliance accreditation in an evolving regulatory landscape. This allows Webex to leverage artifacts collected as part of existing Webex certifications, like Japan’s Information system Security Management and Assessment Program (ISMAP), SOC 2, ISO 27001, and ISO 27701. This streamlined approach enabled us to successfully reduce the time needed for the EU Cloud CoC Level 2 and 3 assessments.
By centralizing various compliance requirements, the CCF offers a unified approach to understanding and meeting the requirements regardless of where the standard originates. This is especially beneficial for cloud service providers, like Cisco, that conduct business in more than 100 markets with distinct compliance requirements. Converging security and privacy controls form a fabric of the CCF, ensuring Cisco Cloud Services implement effective data protection by design and by default, as well as use EU Cloud CoC controls as a baseline for global data protection requirements. By making the CCF public, we hope to help accelerate adoption and support our customers, partners, and peers with ongoing investment in privacy, security, and trust.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels