Compliance Program

Split's technology compliance program includes safeguards that help protect your data as it moves through the Split service. Information about these safeguards is organized by category. Our technology compliance documentation describes additional safeguards we maintain. Should you have any questions please contact our support team at support@split.io or our security team at security@split.io.

 Governance

Information security roles and responsibilities. We have formally assigned information security duties to Split personnel. Our Security team works with other departments to safeguard sensitive information related to the Split service.

Policies and procedures. Our policies and procedures help us maintain security in our systems, processes, and employee practices. Split's Security and Operations team formally reviews these policies and procedures at least annually.

Risk management. We integrate risk assessment activities with various processes to identify and address information security risk to the company and customer data on our network.

Vendor security oversight. Split performs risk-based evaluations of the security measures of our vendors. We review these security measures before we begin using a vendor. We re-evaluate vendor security measures on a recurring basis thereafter.

 Human Resources

Employee background screening. We screen new employees as part of the hiring process. Screening activities depend on applicable local regulations and may include criminal background checks and reference checks.

Confidentiality agreement. Our employees formally agree to safeguard the sensitive information they may view, process, or transmit as part of their job functions.

Security and privacy awareness training. We train our people to protect the data and devices they use. Each employee receives security awareness training as part of new hire procedures, and current employees take this training annually.

 Data Privacy

Split is committed to respecting individuals' privacy rights and assist its customers in achieving compliance with applicable privacy laws, including the General Data Privacy Regulation (the "GDPR").

Privacy policy. Our privacy policy describes how we collect, use, share and protect the personal information of customer personnel and visitors using or visiting our websites and their rights in respect of their personal information.

Processing of Personal data by The Split Services. The Split services by default do not process personal data. However, our service can be configured or used at the direction of the customer to process personal data. Where Split processes personal data, it does so in accordance with applicable privacy laws and ensures that appropriate technical and organizational measures are implemented to protect the personal data. Our security program documentation provides additional information about data privacy compliance related to the processing of personal data.

Data Processing Agreement. Our Data Processing Agreement (DPA) reflects the requirements of the GDPR.

International Transfer of Personal Data. The personal data processed by Split may be transferred to, and processed in countries other than the country where it originates. Split has taken appropriate safeguards ensure the protection of such personal data. These include, for instance, implementing the European Commission’s Standard Contractual Clauses for transfers of personal information with our third-party service providers and partners.

Privacy by Design. Split takes a holistic approach to security and privacy, and never shares or sells user or customer data unless it is necessary to provide Split services. Split has implemented several internal policies requiring its employees and agents to handle personal data in compliance with applicable privacy laws.

Data Subject Access Rights. Split is committed to assist its customers in responding to individuals access requests and has implemented a number of controls that customers may use to retrieve, correct, delete or restrict individual's data upon request.

 Change Management

Change management process. We follow a defined set of procedures to develop and deploy technology changes. These changes include updates to software, configurations, and devices that support the Split service.

Testing. We test technology changes at various stages of development, and we confirm those tests are successful before completing a deployment into the Split service.

Change approval and notification. As part of our deployment process, we prepare, approve, and communicate change notices to maintain awareness among personnel who manage the Split network and systems.

Post-implementation review. We confirm the success of changes after their deployment. Should we experience issues during implementation, we also maintain procedures to revert changes.

 Identity and Access Management

User requests and approval. We document and approve requests for user access to the Split network. Our security administrators confirm appropriate documentation is in place before granting requested user rights.

Access modification. We promptly update or remove an employee's access to the split network to match that employee's current job function or employment status.

User access review. We periodically inspect access privileges to make sure our personnel have appropriate access to Split systems and data.