data.world

data.world security

Your data is very important to you, and we take your entrusting it to us seriously.

Last updated: November 9, 2017
data.world

SOC 2

data.world has successfully completed a Type 1 SOC 2 for the Security Trust Service Principle for the data.world platform.

The SOC 2 report provides assurance to our customers and our own team that the organization has designed and implemented effective security controls as defined in the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA).

A copy of our SOC 2 report is available to customers under NDA. Please contact your sales representative or sales@data.world.

System Security

  • Monitoring for common vulnerabilities and exposures (CVEs)
  • Private networks for applications and data
  • DDoS mitigation through global content distribution network (CDN)
  • Intrusion detection software
  • System activity log reviewed in real time for security impacting events
  • Documented and auditable change management process

Encryption

  • Passwords are encrypted in transit and at rest
  • Data and web transmissions are encrypted using current and strong algorithm/key
  • Customer data has multiple secure backups

Employee Access

  • Member datasets posted to the "private" side of data.world are not accessed by employees except when required for customer support and service, to comply with laws or court orders or by invitation of the administrator of that dataset
  • All access to member datasets posted to the "private" side of data.world is logged
  • Employees and systems have only the permissions required to do their jobs

Security and service event management

  • We employ multiple services to monitor our systems and applications for problems and anomalous activity
  • We have 24/7 staff on-call for incident management
  • Any service impacting event is communicated through status.data.world and our help Twitter account @ddwhelp. Additionally, data.world members may get support at help.data.world

Software Security

We employ a third-party Information Security Consulting firm to perform evaluations of our application code for security vulnerabilities and to perform penetration tests against our infrastructure.

Accreditations and physical security

Customer data is stored in Amazon Web Services and Google Cloud Storage, both of which have multiple accreditations including ISO 27001 and SOC 2 & 3 statements.

Contact Us

Have a question, concern, or comment about data.world security? Please contact data.world Support.