Securing Data Across APAC: Achieving APEC PRP Certification

At Okta, trust and transparency are core to who we are as a company. These values critically inform the way we view our responsibilities to our customers and to the personal data of their users that they entrust to Okta.

The keystone of our transparency is providing our customers with a clear understanding of how we collect, process, and secure their data, so that our customers, together with Okta, can comply with continually-evolving data privacy laws and regulations around the world.

With that in mind, we are excited to announce that Okta has been certified as meeting the requirements of the Asia-Pacific Economic Cooperation Privacy Recognition for Processors (APEC PRP) framework, for all of our products. The APEC PRP allows data processors to demonstrate their ability to provide effective implementation of a data controller’s privacy obligations under the APEC Cross-Border Privacy Rules (APEC CBPR), and similarly allows data controllers to identify qualified and accountable data processors. This certification puts Okta among a small group of organizations that have demonstrated their ability to support cross-border data transfers for data controllers within the Asia-Pacific Economic Cooperation, which consists of countries across Asia, Australia, and the Americas.

Our APEC PRP certification entailed a comprehensive, independent audit focused on Okta’s privacy program, including its security safeguards. Only an APEC-approved Accountability Agent can perform this audit and provide this certification.

Okta’s presence in the Asia-Pacific region has grown rapidly over the past several years, with growth in our regional headquarters in Sydney, and recent key hires in Singapore and Japan. We are committed to supporting our customers’ expanding deployments of our service throughout the region, and our APEC PRP certification recognizes that our privacy-by-design program forms a foundational layer of our identity platform, and that we can ensure safe and secure data flows and storage across the APAC region.

“Okta’s mission is to enable anyone to use any technology, securely. This means striking the right balance between privacy and innovation, and above all establishing trust with our customers,” said Graham Sowden, General Manager APAC at Okta. “It’s important for Okta to demonstrate that we’ve taken the precautions to secure and protect the data that our customers provide to our platform. We’re very pleased to be among a small number of organizations meeting the requirements of the APEC PRP.”

The APEC PRP certification is binding on all of Okta’s products, effective immediately, and is expressly described in our Data Processing Addendum (DPA), which customers and prospective customers can access via Okta’s Trust & Compliance portal.