Professional Documents
Culture Documents
CTAP For NGFW - Data Privacy Notice
CTAP For NGFW - Data Privacy Notice
CTAP For NGFW - Data Privacy Notice
NGFW
Assessments
Cyber Threat Assessment Program
Data Privacy for NGFW Assessments
2. Fortinet may collect information via the Cyber Threat Assessment Program, which
will be handled as outlined in Fortinet’s Privacy Policy:
https://www.fortinet.com/corporate/about-us/privacy.html
b. Fortinet’s products may automatically send usage and log data to Fortinet
during participation in this program.
The CTAP for NGFW report is produced automatically based on these inspection logs. The
inspection logs contain IP addresses/hostnames associated with individual machines. We
intentionally do not identify individual user names (via LDAP for instance).
This data is processed in either Canada (for Americas-based assessments) or Germany (for
anything outside of Americas).
www.fortinet.com 2
Data Privacy for NGFW Assessments
Log data is transported to Fortinet for processing via a secured channel (SSL encrypted).
Log data is only stored for the duration of the assessment. When an assessment is
completed, raw logs are permanently erased from any processing servers. The raw logs
collected are deleted as soon as the report is marked as “Completed.”
If Fortinet generates a report (Report Ready status) and the assessment creator does not
mark it “Complete,” we automatically delete the raw logs after 7 days. We occasionally get
requests to generate a second report, but we may be unable to because the raw logs have
already been deleted. This is implemented by design and was instituted to protect customer
privacy.
For any questions about Fortinet steps to ensure privacy or the use of the end user’s data,
the assessment conductor should email ctap@fortinet.com for clarifications.
www.fortinet.com 3