Confident AI Trust Center
Confident AI is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Compliance
Resources
SOC 2 Type I Report
SOC 2 Type II Report
Network Security Policy
Company Handbook
GDPR Information Security and Access Control Policy
Controls
Access restricted to modify infrastructure
Remote access tool
VPN access
Access control procedures
User list with assigned roles and privileges
ePHI data sanitization
Encryption of data
Privacy by design and default policy
Data protection impact assessment
Criminal data processing policy
Penetration testing
Web application firewall
Outsourced Development Management
Code repositories
Tracking of code changes
SSL/TLS certificates for infrastructure
Infrastructure firewall
Intrusion detection tool
Monitoring tool
Network diagram
Incident response and breach notification policy
Alerts and remediation
Breach notification communication
Security incident list
Internal GDPR compliance assessments
Binding corporate rules policy
Whistleblower policy
Rectification request policy
Objection handling policy
Log management tool
Vendor management program
Vendor list
ePHI risk assessment report
Vendor onboarding
Vendor termination
Consent records
Age verification and parental/guardian consent process
New employee and contractor agreements
Security awareness training implemented
Existing employee and contractor agreements
List of newly hired employees & contractors
Media disposal training
Asset register maintaining
Multi-availability zones
Risk management program
Risk and Governance Executive Committee meeting minutes
Lawful basis assessment
Legitimate interest assessment
Customer termination
Customers list
Patient status and admission records
Information security policies and procedures
Key management services used
Subprocessors
RailwayCloud Infrastructure & Platform Services