data.world has successfully completed a Type 1 SOC 2 for the Security Trust Service Principle for the data.world platform.
The SOC 2 report provides assurance to our customers and our own team that the organization has designed and implemented effective security controls as defined in the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA).
A copy of our SOC 2 report is available to customers under NDA. Please contact your sales representative or firstname.lastname@example.org.
- Monitoring for common vulnerabilities and exposures (CVEs)
- Private networks for applications and data
- DDoS mitigation through global content distribution network (CDN)
- Intrusion detection software
- System activity log reviewed in real time for security impacting events
- Documented and auditable change management process
- Passwords are encrypted in transit and at rest
- Data and web transmissions are encrypted using current and strong algorithm/key
- Customer data has multiple secure backups
- Member datasets posted to the “private” side of data.world are not accessed by employees except when required for customer support and service, to comply with laws or court orders or by invitation of the administrator of that dataset
- All access to member datasets posted to the “private” side of data.world is logged
- Employees and systems have only the permissions required to do their jobs
Security and service event management
- We employ multiple services to monitor our systems and applications for problems and anomalous activity
- We have 24/7 staff on-call for incident management
- Any service impacting event is communicated through status.data.world and our help Twitter account @ddwhelp. Additionally, data.world members may get support at help.data.world
We employ a third-party Information Security Consulting firm to perform evaluations of our application code for security vulnerabilities and to perform penetration tests against our infrastructure.
Accreditations and physical security
Customer data is stored in Amazon Web Services and Google Cloud Storage, both of which have multiple accreditations including ISO 27001 and SOC 2 & 3 statements.
Have a question, concern, or comment about data.world security? Please contact data.world Support.