Skip to main content
Code42 Support

Activating Compliance Settings

Applies to:
  • Code42 CrashPlan (previously CrashPlan PROe)

Overview

Compliance Settings is a feature new to version 5.4 that makes it easy to configure a variety of settings all at once to support compliance with regulations such as HIPAA, FISMA, and GLBA. Instead of an administrator manually configuring all of the individual settings to support a compliant Code42 environment, the administrator can activate Compliance Settings with a single button, and the relevant changes are made automatically.

Because Compliance Settings is a permanent change, administrators can activate it once and know the organization's settings will stay in a compliance-supporting state, without the need to continuously monitor or correct the settings in the administration console.

Activating Compliance Settings:

  • Automatically disables web restores and push restores.
  • Restricts administrator visibility of and access to user data.
  • Elevates security by requiring users to set a password to access their backup data.

This article outlines the considerations for Compliance Settings and shows how to activate the feature.

Considerations

There are significant considerations for the Compliance Settings feature. Review all of the following before continuing.

  • If you are subject to HIPAA regulations, you must obtain a Business Associate Agreement before your Code42 environment can be seen as fully supporting HIPAA compliance.
  • Compliance Settings requires Code42 server version 5.4 or later. Earlier versions of the Code42 server require manual configuration to support compliance.
  • The CrashPlan apps on user devices must be upgraded to version 4.8 or 5.4 to be seen as supporting compliance.
  • Compliance Settings is activated by organization; it cannot be activated for all organizations at once. Child organizations inherit the activated Compliance Settings, but sibling and parent organizations are not affected.
  • Once Compliance Settings has been activated for an organization, it cannot be turned off. It is a permanent change.
  • After Compliance Settings is activated, you can no longer restore files for users from the administration console. The CrashPlan mobile app is also disabled.
  • Compliance Settings is incompatible with the Legal Hold, File Search, and Security web apps, which means you can no longer collect data for a legal hold, search for user files or pattern-matching, or monitor users' file activity. To continue using these features, you must manually configure the settings to support compliance.
  • If you move a user out of a Compliance Settings organization, the user's backup archive expires immediately, and a new backup starts. If you move a new user into a Compliance Settings organization, the user's relevant settings are updated automatically.
  • Compliance Settings upgrades the security level for the organization to archive key password, which means users can restore files only from the CrashPlan app, and they are required to enter their archive key passwords to do so. Because administrators don't know the users' archive key passwords, they cannot perform web restores.
  • After activating Compliance Settings, we recommend immediately dumping your database and backing up that database dump. If you have many thousands of users, dumping your database might take a few minutes to complete.
  • Compliance Settings is available for customers on the Code42 Enterprise, Enterprise Private, and Classic product plans.

Before you begin

If you have an on-premises master server, you must upgrade the CrashPlan app on all user devices to version 4.8 or 5.4 before enabling Compliance Settings. This makes sure the users are prompted to create an archive key password the next time they sign in to the CrashPlan app.

Upgrade your CrashPlan apps
If you use SSO and you fail to upgrade your CrashPlan apps to version 4.8 or 5.4, the users' archive key passwords will be set to a random, unknowable value, and the users' data will be unrecoverable.

Step 1: Disable indexing

You must disable indexing for the organization in which you activate Compliance Settings. This action disables search for data that was previously indexed, and it prevents indexing going forward.

Disable indexing

  1. Sign in to the administration console.
  2. Go to Organizations.
  3. Select an organization.
  4. From the action menu (gear icon), choose Edit.
    The Organization Settings dialog appears.
  5. Select Indexing.
    If you don't see the Indexing tab, it is not enabled for your environment. Skip to step 2 below.
  6. Deselect Inherit settings from parent.
  7. Deselect Index all archives in this organization.
  8. Click Save.

Step 2: Disable endpoint monitoring

You must disable endpoint monitoring for the organization in which you activate Compliance Settings. This action removes the ability to monitor users' file movements.

Disable endpoint monitoring

  1. Sign in to the administration console.
  2. Go to Organizations.
  3. Select an organization.
  4. From the action menu (gear icon), choose Edit.
    The Organization Settings dialog appears.
  5. Select Endpoint Monitoring .
    If you don't see the Endpoint Monitoring tab, it is not enabled for your environment. Skip to step 3 below.
  6. Deselect Inherit settings from parent.
  7. Deselect all the boxes under Detection Types.
  8. Click Save.

Step 3: Activate compliance settings

After you upgraded your CrashPlan apps, disabled indexing, and disabled endpoint monitoring, activate Compliance Settings.

Activate compliance settings

  1. Sign in to the administration console.
  2. Go to Organizations.
  3. Select an organization.
  4. From the action menu (gear icon), choose Edit.
    The Organization Settings dialog appears.
  5. Next to Compliance Settings in the upper right corner, click Activate.
    A confirmation message appears highlighting the changes to the organization's settings.
  6. Read through the information.
  7. Type ACTIVATE, and select I understand this is permanent and irreversible.
  8. Click Activate.

External resources

For a detailed explanation of HIPAA requirements, please reference the following resources from the U.S. Department of Health & Human Services:

  • Was this article helpful?