The purpose of this document is to provide customers of Proofpoint’s cloud-based Email Protection service with the information necessary to assess how the product can support and enhance their data privacy strategy.
Email Protection – Product Statement
Proofpoint Email Protection scans and processes emails that flow through its secure email gateway to protect organizations from advanced email threats. Email Protection is powered by NexusAI, Proofpoint’s advanced machine learning technology, and integrates with a range of Proofpoint products to provide essential email data security and risk mitigation.
Information Processed by Proofpoint’s Email Protection Service
Email Protection filters and processes inbound and outbound emails, collecting and analyzing data in those emails to detect threats. This includes limited personal data embedded in the emails.
The following is an example of a dangerous email that could be sent to your employees. Utilizing Email Protection’s predefined email filter criteria, this email would be stopped by Email Protection. Personal data elements processed by Email Protection are identified in the blue boxes. The questions are examples of the filter queries applied to email data and do not represent a comprehensive review.
Customer Access to Email Protection Data and Privacy Options
Email Protection may be accessed by the customer’s administrator or authorized users. Processing and filtering results are made available to authorized users through the Email Protection service console.
How Proofpoint Retains Records
To protect organizations from on-going threats, Proofpoint analyzes the data collected through Email Protection and applies the results to the Email Protection’s scanning and filtering process. All data collected is retained in an aggregated form until securely deleted.
Proofpoint’s Use of Subprocessors
Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.
Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:
- Data in transit is protected using HTTPS/TLS.
- Encryption at rest is accomplished using AES 256.
- Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
- Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see https://www.proofpoint.com/us/security.
- Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
- A 24-7 network operation center receives and responds to security alerts, escalating to on-call security personnel.
- Proofpoint’s information security program undergoes an annual third-party audit in the form of a SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.
© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated September 19, 2022.