Overview
The Compliance Settings feature configures a variety of settings all at once to support compliance with regulations such as HIPAA, FISMA, and GLBA. This article includes considerations for using Compliance Settings and instructions for activating the feature.
Note that Compliance Settings goes beyond what CrashPlan requires to support compliance with HIPAA. Use these options if your CrashPlan environment requires more control over backup data. To learn about other ways to support compliance with HIPAA, see CrashPlan and HIPAA compliance.
About Compliance Settings
Instead of manually configuring individual settings to support a compliant CrashPlan environment, click a single button to activate Compliance Settings and make the changes automatically. Because Compliance Settings is a permanent change, activate it once and know the organization's settings will stay in a compliance-supporting state, without the need to continuously monitor or update the settings in the CrashPlan console.
Activating Compliance Settings:
- Restricts administrators' ability to access user data.
- Elevates security by requiring users to set passwords to secure their backup data.
- Automatically disables web restores and push restores.
Considerations
Review the following significant considerations before continuing.
Legal
If you are subject to HIPAA regulations, you must obtain a Business Associate Agreement before your CrashPlan environment can be seen as fully supporting HIPAA compliance.
Compatibility
Compliance Settings is incompatible with the Legal Hold web app, which means you can no longer collect data for a legal hold. To continue using this feature, you must manually configure settings to support compliance.
Security
Compliance Settings upgrades the security level for the organization to archive key password, which means users can restore files only from their CrashPlan apps, and they are required to enter their archive key passwords to do so. Therefore, administrators cannot perform web restores.
Move users
- If you move a user out of a Compliance Settings organization, the user's backup archive expires immediately, and a new backup starts.
  You must contact CrashPlan support to move the user out of a Compliance Settings organization.
- If you move a new user into a Compliance Settings organization, the user's relevant settings are updated automatically.
Activate Compliance Settings
After you upgrade your CrashPlan apps, activate Compliance Settings for one or more organizations.
- Child organizations inherit the activated Compliance Settings.
- Sibling and parent organizations are not affected.
If your CrashPlan environment is in the CrashPlan cloud, you cannot enable Compliance Settings for your top-level organization. Activate Compliance Settings for one or more child organizations instead.
- Sign in to the CrashPlan console.
- Go to Organizations.
- Select an organization.
- From the action menu, choose Edit.
  The Organization Settings dialog appears.
- Next to Compliance Settings in the upper right corner, click Activate.
  A confirmation message appears highlighting the changes to the organization's settings.
- Read through the information.
- Type ACTIVATE, and select I understand this is permanent and irreversible.
- Click Activate.
External resources
For a detailed explanation of HIPAA requirements, please reference the following resources from the U.S. Department of Health & Human Services: