Information Security

DataRobot, the leader in automated machine learning, is developed and built with the enterprise in mind. We implement risk-based and standards-based security protocols to secure both our services and customer data. Our comprehensive security program ensures compliance with industry standards and best-practices for information security, corporate controls, and software development.

Network and Endpoint Security

We have systems in place to ensure your data is safe from malware, vulnerabilities, and other cybersecurity threats like network-based attacks and unauthorized access. We regularly perform penetration testing using a trusted third party. 

Governance

DataRobot’s Enterprise Security Steering Committee is a cross-functional leadership team that shapes our security programs, and drives executive alignment. The Committee works with our Security Advisory Council to ensure that security is a key consideration of all company initiatives. All of our employees receive security and privacy training and testing, and participate in monthly contests that reward information security awareness. We have comprehensive policies and procedures in place designed to manage the integrity of our environment, and ensure security is embedded at a technical, physical and operational level. 

On Premises Platform

For customers that want to keep their data in house and use our self-hosted solution, we can provide controls to help you meet your unique security and privacy requirements.

• Encryption in transit and at rest configurations are available using your own certificate authorities
• Compatible with DNSSEC

Certifications

We have achieved, or plan to achieve, the following certifications: 

• ISO 27001: We are certified under ISO 27001, a globally recognized standard for an organization’s Information Security Management System.
• SOC2 Type II: We annually undergo an independent assessment of our cloud controls environment. 
• FedRamp: We are currently in the process of being certified under FedRamp, a set of security requirements for cloud service providers to the US government.