Security and Compliance

Protecting information is really about protecting people. We take that seriously.

How Do We View Security?

At retrain.ai, we take security seriously. Our experienced team of security practitioners works across disciplines to secure our Software Development Life Cycle.

We frequently conduct security assurance for our entire organization, ensuring that every employee thinks about data privacy and security as regularly and seriously as any other daily task.

On a daily basis, we scan our environments for vulnerabilities and are alerted to any potential threats.

Compliance

SOC 2

retrain.ai is in the process of achieving SOC 2 Type 2 in Q3 2022, with EY as an auditor.

ISO 27001

retrain.ai is ISO 27001 certified. We are audited annually to ensure compliance and maintain our certification status.

GDPR

retrain.ai complies, and supports compliance, with data protection laws and regulations such as the EU General Data Protection Regulation.

CCPA

retrain.ai complies with the California Consumer Privacy Act (CCPA).

DPO - Data Protection Officer

To communicate with our Data Protection Officer, please email [email protected] 

retrain.ai strongly believes that your data privacy comes first. As such, retrain.ai takes all measures to protect your company's and employees' personal data. We strictly limit the collection and processing of your personal data. We do not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it, and internal access to it is restricted.

How do we approach security?

We have adopted a People, Process, and Technology (PPT) framework.

How do we leverage it?

The PPT framework provides complete control and visibility to high-performance development teams so that they can streamline the development process. Combining these three elements helps us build in a way that is strong, secure, and fast.

SDLC security

The retrain.ai Software Development Lifecycle is designed with precautions to reduce security risks during code development while delivering software functionality. 

Feature requests, bugs, and code enhancements are triaged and processed for threat modeling and risk analysis. Developed code is peer- and security-reviewed before final commit and quality assurance validation.

Via the “shift-left” approach, our process guarantees application security at the earliest stages in the development lifecycle. 

From day one, developed code must have unit test code developed for test release. retrain.ai's development teams perform automated E2E, regression, and UI testing, as well as performance and web application penetration testing.

Security by design

Security by design is part of retrain.ai's DNA. Our strategy at the beginning of a software design lifecycle is to think about the security and privacy of the software, adopting this approach to prevent vulnerabilities affecting data integrity, privacy, availability, and confidentiality.

Awareness training

All retrain.ai employees and contractors attend mandatory Information Security Training during the onboarding process, as well as annual training thereafter.