Data Privacy Information Sheet:
Human Resilience Workbench

The purpose of this document is to provide customers of Human Resilience Workbench with the information necessary to assess how the product meets the requirements of their data privacy strategy.

Human Resilience Workbench – Product Statement

Human Resilience Workbench is a platform that aggregates and analyzes user risk signals, behavioral data, and threat intelligence to provide insights into human risk. It enables organizations to identify at-risk users, support investigation and response activities, and deliver targeted mitigation and security guidance. The product is hosted in one of three geographically dispersed multi-tenant Amazon Web Services environments to support secure and performant global access. 

Information Processed by Human Resilience Workbench

Human Resilience Workbench processes limited amounts of personal data as determined and configured by the customer. This may include user identifiers such as first and last name, email address, username, phone number, job title, department, manager name and contact details, and location, as provided by the customer through directory synchronization or customer upload. 

As part of the analysis of reported or suspicious email activity, Proofpoint may process sender and recipient email addresses and IP addresses, message headers, subject lines, attachment names, URLs, and related metadata. 

Human Resilience Workbench also processes derived data elements, including training and simulation outcomes, threat interaction data, usage data from integrated Proofpoint security products (including Email Protection, Cloud App Security Broker, Targeted Attack Protection, Endpoint DLP, Insider Threat Management, and ZenGuide), and calculated risk scores. This information is used to assess human risk, support investigation and response activities, and enable targeted mitigation and security guidance. 

Customer Access to Human Resilience Workbench Data and Privacy Options

Human Resilience Workbench data may be accessed by the customer administrators or authorized users.  Processing results are made available to authorized users through the product’s comprehensive dashboard. 

How Proofpoint Retains Records

Results of customer employee user risk scores, behavioral data, and threat intelligence are available to the customer for the term of the agreement. 

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site at https://www.proofpoint.com/us/legal/trust/subprocessors.

Security

Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53 and ISO 27001. Security controls include the following:

• Data in transit is protected using HTTPS/TLS.
• Encryption at rest is accomplished using AES 256.
• Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
• Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see https://www.proofpoint.com/us/security.
• Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
• A 24-7 network operation center receives and responds to security alerts, escalating to on-call security personnel.
• Proofpoint’s information security program undergoes an annual independent third-party audit in the form of a SOC 2 Type II report covering the Availability, Confidentiality, and Security trust services principles.