DataRobot is the leader in enterprise AI, delivering trusted AI technology and ROI enablement services to global enterprises competing in today’s Intelligence Revolution. Its enterprise AI platform maximizes business value by delivering AI at scale and continuously optimizing performance over time. Trust, security and privacy are key values to DataRobot as an organization, and our goal is to impart these values to our customer relationships.
Our application is built with security in mind. Our controls include data encryption in transit and at rest, two-factor authentication, and role-based access management. We follow a secure software development lifecycle and are always working to develop our security maturity to meet the changing cybersecurity landscape.
Network and Endpoint Security
We have systems in place to ensure your data is safe from malware, vulnerabilities, and other cybersecurity threats like network-based attacks and unauthorized access. We regularly perform penetration testing using a trusted third party.
We have achieved, or plan to achieve, the following certifications:
- ISO 27001: We are certified under ISO 27001, a globally recognized standard for an organization’s Information Security Management System.
- SOC2 Type II: We annually undergo an independent assessment of our cloud controls environment.
- FedRAMP: We are currently in the process of being certified under FedRAMP, a set of security requirements for cloud service providers to the US government.
Privacy and Compliance
We comply with current industry standards and regulations so that you can feel confident that your data is protected and compliant.
- GDPR and CCPA: While we don’t allow customers to upload personal data to our cloud platform, we have policies and procedures in place to ensure that all personal data that we do process is managed in a way compliant with international privacy regulations.
- Privacy Shield: We are EU-US and Swiss-US Privacy Shield compliant and have been certified by third-party auditor TRUSTe. You can check our Privacy Shield status here.
- HIPAA and HITECH: A third-party auditor certified that DataRobot has all necessary administrative and operational controls in place to process ePHI. We currently do not sign BAAs as we do not allow personal data in the platform, but customers interested in modeling ePHI can inquire about our on-prem solution.
- PCI-DSS: All credit card payments are processed through Stripe, our third-party credit card processor. You can read about Stripe’s security practices on their website: www.stripe.com. While we don’t allow modeling of credit card data in the cloud platform, we plan to seek a PCI-DSS 3.2 Attestation of Compliance in 2021 and can assist customers using our on-prem solution to comply with PCI requirements using our custom installation playbooks.
DataRobot’s Enterprise Security Steering Committee is a cross-functional leadership team that shapes our security programs and drives executive alignment. The Committee works with our Security Advisory Council to ensure that security is a key consideration of all company initiatives. All of our employees receive security and privacy training and testing, and participate in monthly contests that reward information security awareness. We have comprehensive policies and procedures in place designed to manage the integrity of our environment and ensure security is embedded at a technical, physical and operational level.
On Premises Platform
For customers that want to keep their data in house and use our self-hosted solution, we can provide controls and consultation to help you meet your unique security and privacy requirements.
- We have playbooks to help you meet PCI, FISMA, DoD, GDPR, ISO and SOC2 environment requirements
- Encryption in transit and at rest configurations are available using your own certificate authorities
- Compatible with DNSSEC