At SOLUS AI, we are deeply committed to safeguarding our customer’s privacy, viewing it as both an ethical imperative and a compliance requirement. We utilise advanced technologies and stringent security measures to protect sensitive customer data, fostering transparency and control.
We are pleased to announce that SOLUS AI has successfully achieved SOC 2 compliance. This significant milestone reflects our unwavering commitment to the security, availability, and confidentiality of the data entrusted to us by our customers.
SOC 2 compliance underscores our dedication to maintaining robust controls and stringent security measures in our operations, ensuring that our clients can have full confidence in the protection of their data. We believe this achievement further solidifies our position as a trusted partner in the realm of artificial intelligence and data analytics.
SOC 2, which stands for Service Organization Control 2, is a framework for assessing and ensuring the security, availability, processing integrity, confidentiality, and privacy of customer data in service organisations.
It is a set of standards and guidelines developed by the American Institute of Certified Public Accountants (AICPA) to evaluate how well a company manages and protects customer data. SOC 2 compliance involves a thorough audit and assessment of an organisation’s internal controls and processes related to data security and privacy.
Achieving SOC 2 compliance demonstrates a company’s commitment to data security and privacy, which can be crucial for businesses that handle sensitive customer information, such as cloud service providers, data canters, and other service organisations. It helps build trust with customers, partners, and stakeholders by showing that the organisation has implemented strong controls to protect data from unauthorised access, disclosure, or breaches.
We are aligning ourselves with following the five trust service principles. These principles are designed to assess an organisation’s ability to protect customer data and ensure the reliability and security of its systems and services.
The Security principle assesses the effectiveness of an organisation’s controls and measures to protect against unauthorised access, both physical and logical. This includes safeguarding data, equipment, and facilities from threats and vulnerabilities.
The Availability principle evaluates the organisation’s ability to ensure that its systems and services are available and operational when needed to meet its commitments to customers. This principle focuses on minimising downtime and disruptions.
The Processing Integrity principle assesses whether the organisation’s systems and processes are accurate, complete, and reliable in delivering the intended results. It ensures that data is processed correctly and that errors are appropriately addressed.
The Confidentiality principle evaluates the controls and measures in place to protect sensitive information from unauthorised access and disclosure. It includes assessing how the organisation classifies and restricts access to confidential data.
The Privacy principle assesses the organization’s controls and practices related to the collection, use, retention, and disposal of personal information in accordance with its privacy policies and compliance obligations. It focuses on protecting individuals’ privacy rights.
We at SOLUS AI are taking this step to signify our commitment to ensuring the privacy and security of customer information. We recognize the importance of instilling confidence in our customers regarding their data, which is why we are delighted to achieve this certification.
- We utilise an automated GRC platform, guided by our third-party compliance vendor, to effectively manage compliance with all three standards.
- Our security posture undergoes regular assessments and adjustments to align with these standards.
- We’ve centralised all compliance-related documents and tasks for SOC 2 on the platform.
- Our organisation has established and enforces Information Security policies to adhere to these protocols.
- We’ve integrated information security training as a mandatory component of the onboarding process for new team members.
- We’ve implemented a proven framework to identify and address potential issues in real time, ensuring proactive mitigation efforts.
This commitment also signifies that we are actively safeguarding any data under our care. As our valued customers, you can have peace of mind, knowing that your data is securely handled and protected.