ServiceDesk Plus 9.3 released

New features and enhancements to take your IT support up a notch!
 

We are happy to announce the release of ServiceDesk Plus 9.3, the latest offering from your beloved IT help desk management software! This release comes with exciting new features that are a result of integrating insights from our customers with our years of expertise in the ITSM industry. Let us take you on a tour to help you explore all the amazing new features.

The General Data Protection Regulation (GDPR) is a privacy regulation that aims to protect EU residents' personal data. It came into full effect on May 25, 2018. To this end, the GDPR clearly defines the scope of personal data, which is any data that can be used to identify an individual, either by itself or in conjunction with another piece of data. If an organization collects personal data of EU residents, it has to comply with the GDPR no matter where it is located.

In this context, IT service desks also come under the purview of the GDPR, as they collect, store, and process personal data. Some of the personal data that IT service desks deal with on a regular basis include:

  1. Names, residential addresses, phone numbers, and email addresses of customers and staff members.
  2. Staff information, including current role, department, and employment history.
  3. Incident, service request, problem, and change records containing users' names, designations, seating locations, etc.
  4. Identifiable information about devices issued to staff, like IMEI number in the case of mobile phones.

  5. Details about technological support provided to customers or staff. For example, information on any assistive technology (e.g. screen readers, speech-to-text technology) used by differently-abled employees.

We're here to help you understand and comply with the GDPR.

  • Important GDPR principles, and how they will impact your IT service desk.

    View webinar
  • The role of the IT service desk in the context of the GDPR, and how to build a compliance program in your organization.

    Download ebook

Here is a quick tour of ServiceDesk Plus' GDPR-related features

While the GDPR is EU legislation, ServiceDesk Plus is committed to enabling protection of data privacy rights for all our users worldwide. Here's how we achieve this:

Security of personal data processing

With two-factor authentication, role-based access, and activity logs, we make sure users meet the necessary security standards.

Business model

To put it simply:

  • We don't own your data. You do.
  • We'll never use your data to advertise.

We've rolled out GDPR features for ServiceDesk Plus to help you on your GDPR journey.

Data hosting (locality)

Our servers are located in the most secure data centers in the US, UK, EU, CN, IN, AU, and JP. The region in which we host your service data depends on the Zoho domain from which the admin registered the ServiceDesk Plus Cloud account.

The following table lists the Zoho domains and respective hosting locations.

| Zoho domain registration | Data center location |
| --- | --- |
| https://sdpondemand.manageengine.eu | US (United States) |
| https://servicedeskplus.uk | UK (United Kingdom) |
| https://sdpondemand.manageengine.eu | EU (European Union) |
| https://sdpondemand.manageengine.in | IN (India) |
| https://servicedeskplus.net.au | AU (Australia) |
| https://servicedeskplus.cn | CN (China) |
| https://servicedeskplus.jp | JP (Japan) |

To find your data center, navigate to Profile > My account, and click the profile icon.

Right to rectify

Article 16 of the GDPR: Right to rectification.

Admins can edit all their information except the registered email address, which is the unique identifier for every contact.

Data encryption

Article 32 of the GDPR: Client-specific data is encrypted at rest.

Once the user logs on to ServiceDesk Plus Cloud, sensitive data is protected from unauthorized access, disclosure, or modification. We ensure this by employing many encryption protocols and security methods. Your data is encrypted both during transit and at rest. The server always stores encryption keys and user data in an encrypted format. The administrator can also choose to encrypt custom fields as per relevance. The files you create or attach are saved in the Distributed File System (DFS) and are encrypted by default.

Right of access

Article 15 of the GDPR: Right of access.

Agents and customers have their own levels of access to personal customer information (such as name, email address, and tickets) and can perform many actions on the data. Admins can export both organization and end user data from the application in CSV or XLSX formats.


Right to erase

Article 17 of the GDPR: Users are in full control of what they upload, modify and erase from our ecosystem.

Users can delete all created, uploaded, and edited data inside ServiceDesk Plus Cloud when it's no longer relevant.

When a user or admin deletes a record, it is either removed immediately or moved to the trash, based on the record type. For example, deleting a custom field permanently removes it, while deleting other fields moves them to Trash. Records in Trash are deleted after 30 days.

Data portability

Administrators can export service data for every module of ServiceDesk Plus.

Reference: https://help.sdpondemand.com/export-data

Audit logs

System logs are where you can access more historical information on activities done in the application. All information on the key activities done in the application is recorded. The logs can be viewed and exported as CSV and XLS files.

Reference: https://help.sdpondemand.com/view-system-log

Retention policy

When a user deletes personal data in an organization, it is either removed immediately or moved to the trash, based on its type. For example, a deleted Additional Field can be removed instantaneously while a deleted Request is first moved to the trash. From the trash, it gets deleted after 30 days or is removed instantaneously if the user manually removes it.

Data is retained in your account for as long as you choose to use ServiceDesk Plus Cloud. Once you terminate your ServiceDesk Plus Cloud account, your data will get deleted from the active database during the next cleanup that occurs once every six months. The data deleted from the active database will be deleted from backups after three months.

Data security

  • Users and administrators are allowed to decide who can access the data, and for how long
  • Access can be revoked at any time. Access to personal data is provided based on user roles
  • ServiceDesk Plus Cloud mobile and desktop apps will not leave behind any orphaned files after uninstallation
  • Data protection meets the industry standards for ISO 27001 and SOC 2 Type 2

Reference: https://www.zoho.com/compliance.html

More features:

ServiceDesk Plus is GDPR-ready to give you a more secure service desk experience.

(a) PII fields in templates:

Mark a data field as PII when adding an additional field to a template so you can easily distinguish PII from other data.


(b) Meet users' right to be forgotten:

The GDPR grants individuals a number of rights, including the right to be forgotten. That means that users can ask an organization to delete all their data, or anonymize the data if deleting user information conflicts with business processes or violates other regulations. You can now anonymize users' names and completely delete their other PII in ServiceDesk Plus to respect their right to be forgotten under the GDPR.

(c) Anonymize and erase PII/ePHI:

When a user exits the organization, user data in the Mobile Number and Phone Number fields will be deleted by default. All PII/ePHI fields that are explicitly marked within the application can be anonymized or erased.

(d) Encryption at rest for sensitive data:

Protecting sensitive data is one of the key aspects of the GDPR. With that in mind, ServiceDesk Plus now allows you to encrypt sensitive information collected and stored from Request Additional Fields. Single line, multi-line, and pick list fields can all be encrypted.


(e) Password protection for backup data:

The ServiceDesk Plus backup file is password protected against anyone who tries to open or restore it.


(f) Anonymize already deleted users:

Users that have been deleted from the application can have their information anonymized from the Deleted Users view.

(g) Viewing PII/ePHI log:

The PII/ePHI log functions as a historical record of all activities around the PII/ePHI fields across the application. Each log on this page contains information on the PII/ePHI field's module, sub-module, the action, and when exactly it occurred. The admin can export the log files in CSV and XLS file formats.

(h) File Protection Password:

Provide secure access to the data exported from ServiceDesk Plus Cloud by embedding it inside a password-protected ZIP file. Password-protected files help you safeguard your users' personal data per the privacy regulations in place.

Password protection applies to the following data exported from the system:

  • Individual module data exported under Setup > Data Administration > Data Export.
  • Reports exported or scheduled in emails.

The SDAdmin can configure a common password to be used by all users and non-users, and technicians can configure their own login-specific passwords.

Upgrade to the latest version of ServiceDesk Plus and leverage our GDPR features.

Let's support faster, easier, and together