SECURITY

Built with security in mind

Encord is HIPAA and SOC 2 compliant and has Role-Based Access Control which enables effective user management and maintains appropriate data privacy levels across multiple AI data projects.

AICPA SOC 2 Certified

Encord has successfully completed its Systems and Organizational Control (SOC)-2 Examination. In doing so Encord maintains its adherence to one of the most stringent, industry-accepted compliance frameworks for service organizations and provides additional assurance to its clients, through an independent auditor (Dansa D'Arata Soucia LLP), that its business process, information technology and risk management controls are properly designed.

HIPAA Certified

Encord utilizes enterprise-grade best practices to protect our customers' sensitive health information and uses Drata to verify its security, privacy, and HIPAA compliance controls. Drata's HIPAA product provides an automated approach to ensuring that organizations can demonstrate compliance.

Continuous Security Control Monitoring

Encord uses Drata's automation platform to continuously monitor security controls across the organization. Automated alerts and evidence collection allow Encord to confidently prove its commitment to protecting your sensitive health information while fostering a security-first mindset and culture of compliance across the organization.

Employee training

Security is a top priority, with all employees required to complete annual HIPAA and SOC 2 security training programs.

Secure software development

Encord utilises a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data encryption

Any data passing through the Encord platform is encrypted both in-transit using TLS and at rest.

VULNERABILITY DISCLOSURE PROGRAM

If you believe you've discovered a bug in Encord's security, please get in touch at security@encord.com. Our security team promptly investigates all reported issues.