Home
Security
Cerebrium follows security best practices
Cerebrium is GDPR and and SOC 2 Type I compliant which means we enforce certain security standards and protocols. Our compliance is continually monitored through Vanta. Please reach out to security@cerebrium.ai if you would like more information regarding our security compliance and implementations.
Infrastructure Security
- Cerebrium frequently performs vulnerabilities scans and these vulnerabilities are remediated based on the time frame set out in our incident response plan.
- Cerebrium conducts annual business continuity and security incident exercises. This is a requirement to remain SOC 2 compliant.
- Cerebrium has daily database backups enabled.
- Employee Computers are frequently monitored via the Vanta agent.
- Multi Factor Authentication (MFA) is enforced across all platforms relating to Cerebrium.
- Cerebrium uses logging and metrics observability providers, including Datadog and BugSnag.
Organizational Security
- Cerebrium employees are subject to a general security awareness training during their onboarding period.
- Cerebrium regularly audits employee access to internal systems.
- Employee Computers are frequently monitored via the Vanta agent.
- Multi Factor Authentication (MFA) is enforced across all platforms relating to Cerebrium.
Product Security
- Cerebrium frequently performs vulnerabilities scans and these vulnerabilities are remediated based on the time frame set out in our incident response plan.
- Cerebrium conducts annual business continuity and security incident exercises. This is a requirement to remain SOC 2 compliant.
- Cerebrium enforces HTTPS for all services using TLS (SSL), including our Cerebrium Dashboard and our Cerebrium Python package.
- Cerebrium maintains access logs across all its infrastructure services.
- Software dependencies are audited by Github’s Dependabot.
- User data is encrypted at rest.
Internal Security Procedures
- Cerebrium frequently performs vulnerabilities scans and these vulnerabilities are remediated based on the time frame set out in our incident response plan.
- Cerebrium regularly audits employee access to internal systems.
- Cerebrium conduct annual business continuity and security incident exercises. This is a requirement to remain SOC 2 compliant.
Data and Privacy
- Cerebrium deletes customer data upon request
- User data is encrypted at rest.