Security

• Private network for applications and data
• Host Intrusion detection and File Integrity Monitoring software
• Rigorous change management and Software Development Lifecycle
• Annual penetration test and code analysis by third-party security firm
• Regular application of operating system and software library security patches

• Support for Single Sign On and user provisioning through SAML
• Role based access controls (RBAC)
• Least-privilege authorization between application services and database
• Temporary credentials for all system access

• All data is encrypted while in transit on public networks and at rest
• Regular rotation of encryption and authentication keys
• Multiple secure, encrypted backups in geographically distributed data centers

• 24/7 Security Operations Center reviewing security events
• 24/7 staff on-call for incident management
• Any service impacting event is communicated through status.data.world and our help Twitter account @ddwhelp. Additionally, data.world members may get support at help.data.world

• SOC 2, Type II: data.world has completed attestation and audit for 2019.
• HIPAA: data.world has obtained an affirmative HIPAA opinion. Contact legal@data.world to obtain our form BAA

Have a question, concern, or comment about data.world security? Please contact data.world Support.

Download Security Overview PDF