SAS的安全确保

您在安全管理领域的合作伙伴

SAS开发了相关软件来保护您的数据和业务。SAS软件安全管理框架结合了行业最佳实践,在安全管理软件中给出了指导原则的定义。通过多种安全漏洞的防范手段,SAS解决方案可以帮助您持续满足业务发展和安全管理的各种需求。

GDPR is here – and your readiness is our priority.

GDPR is here – and your readiness is our priority.

SAS has been proactive with our own GDPR compliance, so we can focus on our customers.

We engaged in understanding and helping shape General Data Protection Regulation (GDPR) well before the regulation was adopted. As a result, SAS and its affiliates are implementing a full GDPR compliance program. GDPR requires data controllers and processors to put technical and organizational measures in place that ensure appropriate levels of security and manage risk, so our program includes comprehensive reviews of our business processes, systems and practices that interact with GDPR-regulated personal data across all divisions.  

We can partner with you on your GDPR journey.

Depending on your specific privacy and security needs, data environment and implementation requirements, we can customize our solutions to best meet your GDPR compliance needs. Here are three solutions we recommend.

The SAS® Platform is engineered with the philosophy of privacy-by-design in order to meet key GDPR articles. The security of processing, data protection by default, data governance and management are all key components of the platform that we build to enable our customers, as data controllers, to make informed decisions about protecting the rights of data subjects and take action accordingly in solutions.

SAS® Visual Analytics inherits and builds upon the privacy-preserving features of the platform by providing customers the key data processing, analysis, and reporting tools they need on their GDPR compliance journey.

我们如何为您提供保护

安全问题的识别与解决-安全教育的基础

安全教育是SAS软件安全管理框架的核心,确保每位员工能够有责任创建、检验和应用SAS技术,拥有相同的安全视点。安全教育包括多种形式-课堂培训、指导计划、安全标准的开发方针、以及开发团队和IT部门的协同等等。

架构与设计-安全确保的蓝图

安全的软件源自产品设计。SAS开发团队与安全架构团队紧密合作,规划新的功能,确保提供强大的安全架构。设计过程中的不断审查和一系列检查点,让SAS开发团队确保将安全设计概念融入到SAS产品中。架构设计也帮助开发人员维护关键的安全管理特性,同时还可以前瞻性地解决所发现的安全漏洞。

开发标准、测试和验证-将安全管理贯穿始终

我们始终坚持严格的开发标准,进行多种测试和验证,包括内部开发和第三方漏洞扫描工具。后续评估帮助我们在发布新的产品版本之前就能解决所有已经发现的漏洞。

产品安全问题的及时响应和解决-常备不懈

产品的发布并不意味着可以放松警惕。我们的产品安全问题响应团队(PSIRT)会调查版本发布后可能遇到的各种安全漏洞,排定优先解决顺序,识别问题的严重程度,并协调资源进行解决。

Recommended Resources

Read more about our commitment to data privacy with the SAS® Trust  Center.

Learn about our dedication to responsible innovation.

Read The Quality Imperative: SAS Institute's Commitment to Quality.