The offerings have been created in addition to InCountry's existing platform. Organizations can store regulated data within country borders and meet those industry's compliance requirements. While the HIPAA and SOC certifications may have originated in the U.S., Devasia said the requirements for those two could be mapped onto laws around the world and that the vendor's research team has started to do just that.
For example, Devasia said InCountry can look at HIPAA and see its similarities to health care laws in the Netherlands or United Arab Emirates. By using HIPAA as a reference point, Devasia said it will be easier for the vendor to help customers in those countries comply with their own health care processing and storage laws.
InCountry is looking to obtain other certifications, as well. Devasia pointed to certifications that have more of a worldwide scale as its next target.
"This year, we are looking very heavily at many of the ISO standards, including 27001, 27017, 27018 and 27701. Those ones are the next areas that we are going to focus in on," Devasia said. "By stretching into those, we will have more of a global reach. They also go toward demonstrating the holistic approach that we take to compliance."
Certifications have started to gain steam as an attractive investment for organizations in the privacy market. A
So far, InCountry has had the data-residency-as-a-service market to itself, but competition will likely appear on the horizon. Data localization is an issue that not going anywhere. As vendors enter this segment of the privacy tech market, they may need to quickly obtain their own certifications or run the risk of watching customers take their business elsewhere.
"In this regulated space, you really cannot play without having those certifications to demonstrate to your customers. You are asking your customers to give you their crown jewels and hold onto them. That’s not something most people want to," Devasia said. "They are going to want and demand some level of due diligence to get through a procurement process. If you don’t have these certifications, a lot of times, it’s going to be, 'You don’t have them? Then we aren’t talking to you.'"
