The purpose of this datasheet is to provide Sophos customers with information on how our offerings affect their privacy considerations. In this document, we provide information about Sophos Central Endpoint and Server data handling practices, including personal information collection, use and storage.
PRODUCT SUMMARY
The Sophos Central Endpoint and Server agent provides comprehensive cloud managed endpoint and server protection and includes options for powerful endpoint detection and response capabilities. This privacy data sheet applies to Intercept X Essentials, Intercept X Advanced, Intercept X Advanced with XDR, Intercept X Essentials for Server, Intercept X Advanced for Server and Intercept X Advanced for Server with XDR.
INFORMATION PROCESSED BY THE SOPHOS CENTRAL ENDPOINT AND SERVER
Sophos processes the following types of information in Sophos Central and the Sophos Data Lake (available to XDR customers only):
- Usernames
- IP Addresses
- MAC Addresses
- Process details and executed commands (where command lines are captured which could contain usernames, passwords, API keys and credentials)
- Applications, Portable Executable (PE) files
- Browser Add-ons and data from Microsoft Edge and Google Chrome (e.g., favorites, bookmarks, cookies and browsing history, search terms)
- User folders (e.g., public, music, documents, downloads, videos, pictures, desktop)
- File Hashes
- File Paths
- Hostnames
- Ports
- System Events and Logs
- Crash dumps, memory dumps
- Export of Windows Registry (all software installed on machine and its configuration)
- Third party application logs (e.g., OneDrive, DropBox, AV software, password managers)
- URLs
- Email addresses
Using various role-based access controls, customers can define administrators who can access different features and data.
Customers can control whether Threat Cases and their associated data is created and stored in Sophos Central.
Intercept X Advanced with XDR Endpoint and Server customers have the option to enable the upload of data to the Sophos Data Lake and have flexibility to define any endpoint and/or server devices which should be excluded from sending data to the Sophos Data Lake.
PURPOSE OF INFORMATION PROCESSED BY CENTRAL ENDPOINT AND SERVER
Data stored in Sophos Central and the Sophos Data Lake (for XDR customers) may be analyzed and processed by Sophos for the benefit of the customer, resulting in threat detection and response, and future innovation.
Sophos processes the information identified above for the purpose of performing the service(s) to you in accordance with the Sophos Service Agreement.
SUB-PROCESSORS
Data processed by Sophos Central and the Sophos Data Lake is hosted in AWS data centers in the region(s) selected by the customer at the time of Sophos Central account creation. Visit our Sub-processor listing to find out more about sub-processors engaged by Sophos.
RETENTION
Sophos applies its retention policies to delete and purge data that is no longer needed for the purpose for which the personal data was originally collected.
Data stored in Sophos Central will be stored for 90 days as outlined in Sophos Central Privacy Data sheet.
Data in the Sophos Data Lake will be limited to the last 90 days of data analysis (available only to Intercept X Endpoint and Server XDR customers).
All customer data will age out of the system upon termination of the service. After this period, the data will be permanently deleted and unrecoverable.
SECURITY
Sophos secures customer information by authenticating access via username and password based on managed Active Directory group membership coupled with multi-factor authentication.
Sophos Central and Sophos Data Lake have achieved SOC2 Type II certification to demonstrate its strong security practices, policies and internal controls environment.
For information about the security protections used in the data centers where customer data resides, visit the AWS Security Documentation Center.
OUR COMMITMENT TO PRIVACY
Sophos is committed to complying with data protection rules and protection of personal data processed by Sophos Central Endpoint and Server. Sophos will access data to enhance features and services that bring benefits to the customer, and for R&D innovation of future capabilities.
ACCESS
Customer Access
Data stored in Sophos Central and the Sophos Data Lake is accessible to admins who have been provided access to Sophos Central or who have access to Sophos Central APIs.
Sophos Access
Sophos Engineering monitors Sophos Central and Data Lake access and telemetry for planning future roadmap strategy and requirements, product development and enhancement, troubleshooting, and generating statistics and reports.
Sophos Labs or Sophos AI teams may access data for threat research purposes and to improve our ability to detect new threats. An exception is file submission of suspicious files that may contain personal information. If these files are convicted as malicious, then they are treated as malware and will be blocked globally going forward. If these files are not convicted and are cleaned, they are permanently deleted within 30 days.
DISCLAIMER
The information contained in this privacy data sheet may change at any time and is only meant for general awareness. This Sophos Central Endpoint and Server Privacy Data Sheet is not meant to constitute legal advice, warranty of fitness for a particular purpose or compliance with any applicable laws.
Last updated March 2024