Understanding Data Collection and Processing
Tenable.io processes various types of data from customers to manage relationships and fulfill contractual obligations. This data supports the functionality of the product suite. Customers are considered the 'Data Controller' for Personal Data related to Data Subjects on their networks. Tenable acts as a 'Data Processor' for Scan Data collected and stored through their services, processing it for legitimate interests like customer support and service security.
Types of Data Processed by Tenable
Tenable primarily processes User Information, Telemetry Data, and Scan Data on behalf of its customers. User Information includes business contact details for Admin Users, while Telemetry Data tracks logins to Tenable Vulnerability Management. Scan Data usage serves various purposes, including enhancing the security of services and personalizing features.
Securing Customer Data
Tenable prioritizes data security by employing industry-leading practices. Data is stored securely, utilizing Amazon Web Services (AWS) Cloud for service delivery. Security measures like DDoS mitigation, encryption in transit, and access control are implemented to protect customer data. Additionally, Tenable follows strict data retention policies based on data types and processing purposes.
Access and Control of Personal Data
Under GDPR regulations, individuals have rights to access and control their Personal Data. Tenable facilitates these rights for EU-based data subjects by offering the ability to request, correct, or delete their data. Admin Users can manage Personal Data within the Tenable Vulnerability Management user configuration, ensuring transparency and control over collected data.
Data Sub-Processors and Compliance
Tenable partners with third-party service providers for hosting, storage, and data processing. These vendors operate under Tenable's guidance, ensuring GDPR compliance and data protection. By selecting GDPR-compliant sub-processors, Tenable guarantees that customer information is handled following the necessary policies and procedures.