SOC 2 Compliance
WhizAI has successfully completed the Service Organization Control (SOC) 2 Type I audit. The SOC 2 report verifies the suitability of the design and operating effectiveness of WhizAI information security practices, policies, procedures, and operations to meet the standards for security.
WhizAI has implemented a comprehensive risk management framework to identify, assess, and manage risks to our systems and data. We conduct regular risk assessments to identify potential threats and vulnerabilities, and we prioritize risk mitigation efforts based on their potential impact. Our risk management approach is integrated into our day-to-day operations, and our employees and contractors are trained to be aware of potential risks and report any suspicious activities promptly. By taking a proactive approach to risk management, we are able to maintain a secure environment for our customers' data and meet the rigorous SOC 2 compliance requirements.
We conduct regular vulnerability assessments to identify potential weaknesses in our systems and promptly address them. We have implemented a robust patch management process to ensure that all security patches and updates are applied promptly. Our employees and contractors are trained to be aware of potential vulnerabilities and report any suspicious activities promptly. We also conduct regular penetration testing to identify potential vulnerabilities and assess the effectiveness of our security controls. Our vulnerability management approach is integrated into our day-to-day operations, and we continuously strive to improve our processes to maintain the highest standards of data protection and security.
Vendor Vulnerability Management
When software vulnerabilities are revealed and addressed by a vendor patch, WhizAI will obtain the patch from the applicable vendor and apply it within an appropriate time frame in accordance with WhizAI’s then-current vulnerability management and security patch management standard operating procedure and only after it is tested and determined to be safe for installation in all production systems.
Responsible Disclosure Program
WhizAI has implemented a responsible disclosure program to encourage the reporting of any potential security vulnerabilities by external parties. Our responsible disclosure program provides clear guidelines on how to report vulnerabilities and encourages ethical disclosure. We prioritize the prompt and efficient resolution of any reported vulnerabilities and acknowledge and thank individuals who report vulnerabilities responsibly. Our responsible disclosure program helps us maintain a secure environment for our customers' data and allows us to continuously improve our security posture. We encourage anyone who believes they have found a security vulnerability in our systems to report it promptly through our responsible disclosure program.
At WhizAI, we use tenant isolation to ensure that each customer's data is stored separately and securely, protecting it from potential breaches or unauthorized access.
Zero Trust Policies
We use zero trust policies to authenticate and authorize all users and devices accessing our systems and data, reducing the risk of unauthorized access or data breaches.
We encrypt data both in transit and at rest using industry-standard encryption algorithms to ensure that our customers' data is protected from potential unauthorized access or breaches, meeting the SOC 2 compliance requirements.
Access control can be managed at a record, row, and role level.
Apply user authentication via integration with LDAP, SSO (SAML 2.0), or your own authentication system.
Activity Audit Logs
We incorporate activity audit logs to track and monitor all user activity on our systems, providing visibility into potential security incidents and meeting the SOC 2 compliance requirements for logging and monitoring.
WhizAI is here to support you however you need. You control the level of access you want to provide to our support team, as well as the way in which you would like to engage us.