Compliance Standards

Privacy and Data Protection

Egnyte maintains compliance with the strictest standards to ensure privacy and data protection for its customers. Egnyte’s hybrid architecture gives enterprises complete control over where the data resides. As a result, it has been the solution of choice for thousands of customers in highly regulated industries (e.g., financial services, healthcare) and regulatory environments, such as the E.U.

Standards

Information Security Management System - ISO/IEC 27001

The Egnyte information security management system is ISO/IEC 27001:2013 certified. This certification is the leading global information security standard, and it outlines the policies and controls that organizations put in place to manage risk and secure their data.

The guidelines for establishing, implementing, and maintaining our information security management system fall under this international standard, which confirms that our products, supporting infrastructure, people and processes operate within agreed-upon requirements and best practices.

ISO/IEC 27001:2013 – Information Security Management

ISO/IEC 27018:2019 Information technology — Security techniques

Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. Egnyte is a PII processor that complies with the applicable obligations of ISO/IEC 27018:2019 for its Information Security Management System and privacy protection.

SOC 2 Compliance

Egnyte is SOC 2 SSAE 18 Type 2 compliant, ensuring that we securely manage your data to protect the interests of your organization and the privacy of all clients. This is supported by a SOC 2 attestation report issued by an independent auditor whose role is to assess our compliance within selected Trust Services categories.

The SOC 2 report is intended to provide users with information that may be useful when assessing the risks arising from interactions with Egnyte’s system. Specifically, this report refers to the suitability of design and operating effectiveness of Egnyte’s controls to meet the criteria related to security, availability, processing integrity, and confidentiality set forth in TSP section 100, 2016 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

DFARS

For customers that need to comply with the minimum cybersecurity standards set by DFARS, Egnyte has the necessary controls in place to meet the NIST 800-171 requirements through the implementation of the ISO/IEC 27001 controls.

Egnyte provides our customers with a mapping based on NIST 800-171 Appendix D tables.

Regulations/Privacy

CCPA

Egnyte’s commitment to security and confidentiality for customer data has not changed under CCPA. Our services platform may be used by your business under our applicable terms of service. Customers should consult with their own advisers to ensure they are meeting their obligations under CCPA.

Read this FAQ for more information.

EU Customers

Egnyte is committed to data sovereignty by directing that storage of all European customer data and metadata be solely within European-based cloud repositories, ensuring compliance with the laws and standards of the country in which the data resides. EU data stays in the EU.

Egnyte complies with the requirements of the General Data Protection Regulation (GDPR), and we help organizations meet their own GDPR data privacy obligations. Customers in the EU and across the globe can use Egnyte as a content management and governance platform to help implement their GDPR compliance program.

Egnyte’s customer base enjoys the robust protections offered under Egnyte’s Data Protection Addendum, which may be found at the following link: https://www.egnyte.com/data-protection-addendum (the “DPA”). Among other things, the DPA: i. recites key provisions of GDPR that Egnyte follows, ii. attaches and incorporates Standard Contractual Clauses adopted in the EU (the “SCCs”), and iii. describes important data security procedures employed by Egnyte to protect customer data.

Additional details regarding Egnyte’s privacy-first approach can be found in our online Privacy Policy at the following link: https://www.egnyte.com/privacy-policy. Note: through early 2022, Egnyte had been annually certifying to the EU–US Privacy Shield Framework. However, especially in light of the Court of Justice of the European Union’s decision from July 2020 in the “Schrems II” case and Egnyte’s timely adoption of the SCCs, Egnyte determined that a recertification for 2022-23 was unwarranted.

Industry

21 CFR Part 11

Egnyte offers a specialized, life sciences-focused platform that possesses features meeting requirements listed in 21 CFR Part 11*. In conjunction with a platform-specific validation package, customers can implement this specialized solution in regulated environments (e.g. environments that need to meet GxP).

Our industry-focused software has key features relevant for high-stakes use cases, like immutable audit trails, data integrity tools, access control, and e-signature capabilities, to name a few.

*The product capability required to meet this compliance is found in our life sciences-focused offering.

Skyhigh / McAfee

Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA).

Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Cloud Trust Program

Financial Services

Egnyte offers services that have been developed with an eye towards assisting customers in regulated industries, such as AEC, financial services, life sciences and healthcare, to maintain compliance with regulatory requirements. As a result, we have invested and continue to invest in developing products intended to meet the stringent needs of these industries, including laws such as HIPAA, FINRA and SEC requirements, such as SEC Rules 17a-3 or 17a-4, and GxP – “good practice” regulations and guidelines.

Download Financial Services Security White Paper

Healthcare

Egnyte understands the importance of confidentiality and protection of an individual's Protected Health Information (PHI). Egnyte's comprehensive data security enables HIPAA compliance for payer, provider, pharmaceutical and biomedical businesses.

Download Egnyte HIPAA Statement