SOC2 is a compliance standard developed by the American Institute of CPAs (AICPA) that specifies how organizations should manage customer data, specifically based on the following five trust principles:
3. Processing integrity
Organizations that handle customer data are certified as compliant by undergoing a rigorous audit and assessment of their data security processes.Glean AI has successfully completed this audit and now can proudly display the SOC2 badge.
“Demonstrating our commitment to the security of our users’ information is a critical part of our work,” said Philip Hickey, Head of Engineering at Glean AI. “We’re proud to have achieved this certification and prouder of the commitment to industry security standards it represents.”
Glean AI has always been committed to ensuring and protecting the privacy of its clients and their data. Achieving this industry-recognized accreditation underscores this ongoing commitment.
Security refers to the protection of system resources against unauthorized access. By implementing strong controls, a company is able to prevent potential system misuse as well as the theft, alteration, disclosure or unauthorized removal of data.
Availability refers to the accessibility of the system, products or services as stipulated by the contract (or service level agreement) entered into by the customer. This principle ensures customer access to details of network performance and availability, security incident handling and related data.
Processing integrity asks the core question: Does the system achieve its stated purpose? This principle addresses the fact that data processing must be complete, valid, accurate, timely, and authorized. Processing integrity also considers data processing and quality assurance.
Confidential data - defined as data that is restricted to a specified set of persons or organizations - must be protected according to the user’s requirements. This principle covers data encryption, network and application firewalls and other access controls.
Privacy refers to a company’s collection, use, retention, disclosure, and disposal of personal information.The privacy principle states that this must be completed in conformity with the organization’s privacy notice, as well as with other criteria set out by AICPA’s Generally Accepted Privacy Principles (GAPP). The privacy principle also covers the protection of personally identifiable information (PII), which is sensitive data relating to health, race, sexuality, and religion.
Glean AI’s SOC 2 badge — which we display proudly — is an important symbol of the importance we place on our customers’ data security, compliance and privacy. Going forward, we will continue to commit to this high level of data security and we will hold these principles as our top priority.