AssemblyAI is fully dedicated to the security and privacy of our systems and customer data. We've been focused on ensuring we are secure by default, and completing key security audits helps to demonstrate this fact.
We're excited to announce that we've received our annual SOC 2 Type 2 certification. This rigorous annual process shows our ongoing commitment to security.
What is a SOC 2 Type 2 Report?
A SOC 2 Type 2 Report is a Service Organization Control (SOC) audit of how a cloud-based service provider handles sensitive information. It covers the suitability of a company's controls and their operating effectiveness.
As a cloud-native AI company, having an independent assessment of our security safeguards is a cornerstone of trust. SOC 2 covers five trust service principles (TSPs): security, availability, processing integrity, confidentiality, and privacy. As part of the assessment by independent inspectors, AssemblyAI provided documentation of controls and access to our systems to be sampled and evaluated. Additionally, we've implemented testing and alerting around all these key areas. We have a team that continuously monitors and audits these tests.
AssemblyAI has stringent security controls in place
Our SOC 2 Type 2 report is from an independent auditor. It verifies that our internal procedures and policies align with the operational practices, validating that we keep user information safe, secure, and reliably available.
Some examples of the security controls we have in place at AssemblyAI include:
- Encryption of all data at rest and in transit.
- Secure backup of data, with regular tests of data restoration.
- Security reporting process. Security issues should be reported to firstname.lastname@example.org, and any incidents will be disclosed promptly.
- All employees regularly complete security awareness training.
- Employees must have a business need to access the production environment, and that access uses SSO and MFA.
- All source code changes require peer review, following a secure development policy.
- AssemblyAI reviews vendors' security practices regularly.
Our SOC 2 Type 2 report contains more detailed explanations of these controls. Note that both existing and prospective customers must sign an NDA to access the information. To request our audit report, contact our sales team.
AssemblyAI's work is never done regarding security
Though it's great that we can point to this report as proof of the security work we've been doing, our work in security is never done. Compliance and security audits are not a one-and-done effort; they are ongoing and require constant vigilance to meet ever-increasing threats. That’s why we’ll be continually evaluating our security systems to ensure the strictest safety measures are in place and maintained, even if this means going well beyond what’s simply required to meet regulations.
If you’d like to learn more about our security and privacy policies, this page expands on what we have discussed here. And if you have any questions or concerns about our security and privacy practices, don’t hesitate to reach out any time at email@example.com.