CAI Platforms Security Policy

Introduction

At CAI Platforms, our overarching goal is to transform the tools and processes of organizations, like yours, by providing a cutting-edge autonomous AI platform that facilitates real-time deep learning at scale for common enterprise applications. Central to this mission is our commitment to ensuring the security of your data, a responsibility we consider paramount. To accomplish this, CAI Platforms has meticulously crafted platforms and applications that not only meet but exceed the stringent security protocols and standards prevalent in the industry. Our dedication to transparency underscores our approach to security.

Highlights of Our Security Program:

Security Governance:

  • The Information Security Committee (ISC) at CAI Platforms, led by the Chief Information Security Officer (CISO), governs our comprehensive Information Security Program.
  • A risk-driven approach, incorporating administrative, technical, and physical safeguards, aligns with industry requirements, standards, and best practices.
  • Regular review, updates, and approvals of a comprehensive suite of information security policies are conducted.

People Security:

  • Rigorous employee background checks, including education, employment, criminal, credit, immigration, and security checks where permissible by law.
  • Ongoing security training for all employees, covering topics such as secure coding practices, product design, and threat awareness.

Operational Security:

  • Strict access management for employees and customers, incorporating the principle of least privilege and need-to-know.
  • Robust vulnerability management processes, including third-party scans, penetration testing, and bug bounty programs.
  • Effective malware prevention measures, including anti-malware solutions and employee training.

Data Center Security:

  • Utilization of AWS, Microsoft Azure, and Google Cloud Platform with a focus on physical security, redundant power systems, and environmental controls.
  • Encryption of customer data at rest and in transit, using AES-256bit encryption and TLS 1.2 or higher.
  • High availability design with automatic failover and regular backup strategies.

Data Security:

  • Logical separation of customer data in databases with options for isolated databases.
  • Strict access controls for employees, with no customer data persisting on employee laptops.
  • Audit trails for all actions related to infrastructure changes or data access.

Application Security:

  • Adoption of secure software development lifecycle practices, including code reviews, continuous integration testing, and secure-by-design principles.
  • Internal and third-party security testing to identify and mitigate vulnerabilities.
  • Release management ensures seamless updates and communication of major feature changes.

Network Security:

  • Implementation of a Web Application Firewall (WAF) and Intrusion Prevention System (IPS) to safeguard against unauthorized traffic.

Third-Party Vendor Management:

  • A thorough assessment of security and privacy practices before onboarding third-party vendors.
  • Establishment of security, confidentiality, and privacy contract terms with third-party suppliers.

Regulatory Compliance & Privacy:

  • Continuous monitoring and response to regulatory changes by our ISC team.
  • Full compliance with GDPR and CCPA, with a commitment to customer data privacy.

At CAI Platforms, we prioritize your data security through robust governance, comprehensive training, advanced technologies, and compliance with regulatory standards. Our unwavering commitment to excellence ensures that your experience with our autonomous AI platform is not only cutting-edge but also highly secure.

hero