Security, Privacy and Compliance at Symbl.ai
Empowering customers to build highly secure and scalable systems that operates on conversation data.
Compliance
SOC2 Type II
Symbl has completed a full third-party SOC 2 Type II audit – an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Symbl complies with their stringent requirements for the certification.
HIPPA BAA
Symbl.ai offers HIPAA BAA agreements to companies in the healthcare industry that must comply with HIPAA regulations for safeguarding patient privacy and sensitive health information. We also sign Business Associate Contracts as required.
PCI Compliant
Symbl.ai is compliant with the Payment Card Industry (PCI) Data Security Standard (DSS) that requires strict security controls and processes for transacting customer payment card data.
GDPR Compliant
Symbl.ai complies with the General Data Protection Regulation (GDPR). All new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security and compliance.
We follow relevant processes for transfers of personal data outside the European Union / UK. We also help our customers provide GDPR compliant solutions to their end-users and customers.
CSA CAIQ
Symbl.ai completed the security assessment with the The Consensus Assessments Initiative Questionnaire (CAIQ). CAIQ is provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess information security capabilities of cloud providers.
Symbl complies with the secure cloud computing best practices and follows the standard security controls that exist in cloud services, such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) offerings.