Luke Davies-Cooke August 30, 2022

Encord - a SOC 2 compliant data platform for computer vision


As a proponent of data-centric AI and a leader in computer vision infrastructure and labelling software, we’re well aware of the potential pitfalls and challenges companies face during the machine learning application lifecycle. Anyone looking to deploy machine learning applications in non-trivial cases has to successfully navigate the various regulations and laws surrounding not only data management, but also where models trained on that data can be deployed — you can find a fuller set of considerations in our blog. In other cases, highly proprietary or sensitive data may be used in training and validation. In all cases, you need to know your partner in annotation and quality control takes security and compliance with regulatory frameworks as seriously as you do.

To that end, Encord is excited to announce we’ve successfully completed our SOC2 Type 1 examination as of July 8, 2022. This report affirms our commitment to the highest security and operational standards, and our further commitment to communicate this with our users and customers. We’ll break down how this report illustrates our strong security posture, and how this makes it easier for us to work with anyone deploying machine learning applications using our computer vision data platform.

Contents of the SOC2 report

This report is a confirmation that Encord is committed to the highest possible industry standards from both a system and service perspective according to the Systems and Organisational Control (SOC) criteria in Security, Availability, and Confidentiality. The report was authored by a rigorous, independent auditor and explains in detail our:

- Secure architecture and policies for limiting access to data — The production infrastructure at Encord is isolated from all other networks at the company, and access is limited to only those who need it in their professional capacity.

- Continuous monitoring of security controls — We use tools to help us continuously monitor system configurations and access settings to ensure we’re always maintaining a strict and compliant security posture.

- Continuous monitoring of systems and incident response policy — From the perspectives of both security and availability, Encord uses best practices, tools and systems to ensure we’re informed of any abnormalities and positioned to quickly investigate and respond appropriately.

- Thorough Employee Onboarding Process — We have a stringent process for employee interview, selection, and onboarding which includes confirming candidates’ backgrounds and security training for onboarded employees, ensuring high integrity and security consciousness is present in the entire company.

Why is SOC2 important?

We’re a young startup — but we’re acutely aware of how important security and regulatory compliance are to the success and well-being of our customers and potential customers. We’re announcing SOC 2 Type 1 now to show we’re serious about security and compliance, and to make it easier for our customers to understand our security posture and take comfort knowing we’re committed to best practices. Additionally, we view the SOC 2 Type 1 report as the first step in our continuous journey to enhance our security and operational excellence. As we move towards SOC 2 Type 2 compliance, adhering to the framework will ensure that security and knowledge of regulatory frameworks play a continuous role in our growth going forward.

To see more information about how we’re addressing the needs of our customers when it comes to security, take a look at our security page.

If you’re a customer or potential customer, reach out to us about obtaining our full SOC 2 Type 1 report, and to discuss how we can help meet your training and labelling needs while maintaining your own security and compliance.