Security and Compliance
How Do We View Security?
At retrain.ai, we take security seriously. Our experienced team of security practitioners works across disciplines for the purposes of securing our Software Development Life Cycle.
We frequently conduct security assurance for our entire organization, ensuring that every employee thinks about data privacy and security as regularly and seriously as any other daily task.
On a daily basis, we scan our environments for vulnerabilities, and being alerted for any potential threats.
Compliance
SOC 2
retrain.ai is in the process of achieving SOC 2 type 2 in 2022Q3 with EY as an auditor.
27001
retrain.ai is ISO 27001 certified. We are audited annually to ensure compliance and maintain our certification status.
GDPR
retrain.ai complies and supports compliance, with data protection laws and regulations such as the EU General Data Protection Regulation.
CCPA
retrain.ai complies with the California Consumer Privacy Act (CCPA).
Information security in a global world must be at the forefront of every business, from company strategy to the last of the processes. Information security and cyber awareness are critical to maintaining a safe business while mitigating theft and damage. Considerations include sensitive data, personally identifiable information (PII), personal information, intellectual property (IP), data, and governmental and industry information systems.
Lior Segal, CISO
DPO - Data Protection Officer
To communicate with our Data Protection Officer, please email [email protected]
retrain.ai strongly believes that your data privacy comes first. As such, retrain.ai takes all measures to protect your company and employees’ personal data. We strictly limit the collection and processing of your personal data. We do not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us, and with restricted internal access.
How do we approach security?
We have adopted a People Process and Technology framework (PPT).
How do we leverage it?
A PPT provides complete control and visibility to high-performance development teams so that they can streamline the development process. Combining these three elements helps us build strong, secure, and fast.
CDLC security
The retrain.ai Software Development Lifecycle is designed with precautions to reduce security risks during code development while delivering software functionality.
Feature requests, bugs, and code enhancements are triaged and processed for threat modeling and risk analysis. Developed code is peer- and security-reviewed before final commit and quality assurance validation.
Via the “shift-left” approach, our process guarantees application security at the earliest stages in the development lifecycle.
Developed code from day one must have unit test code developed for test release. retrain.ai’s Development teams perform automated E2E testing, regression, UI, as well as performance, and web application penetration testing.
Security by design
retrain.ai’s DNA, and our strategy at the beginning of a software design/lifecycle, is to think about the security and privacy of the software by adopting this approach to prevent data integrity vulnerability, privacy, availability, and confidentiality.
Awareness training
All retrain.ai employees and contractors attend mandatory Information Security Training during the on-boarding process, as well as annual training thereafter.