Playment is committed to building trust with all its customers and data security is a big part of that goal. We are constantly working to map our data security practices to the industry’s latest security standards.
Today, we are happy to announce that Playment has received its SOC 2 Type I certification and is in anticipation of the Type II accreditation soon. This is mainly to reassure all our customers that their valuable data is always safe and protected.
With new security threats proliferating the internet, SOC 2 has become one of the most important data security compliance standards today. Since Playment offers web-based annotation services, the SOC 2 certification is a critical indicator that we handle all our customer’s data in a secure manner.
What is SOC 2 Compliance?
The SOC 2 certification standard is developed by the American Institute of Certified Public Accountants (AICPA). The certification is based on the internationally recognized Trust Services Criteria framework for governing the storing of private business and customer information by third-party, cloud-based service providers.
SOC stands for Service Organisation Control and is a technical certification awarded by external auditors that evaluate if client data security management processes are up to date and in line with the provisions of this certification.
When a business is SOC 2 compliant, it signifies they implement proper security systems to manage customer data as per the trust service principles — security, availability, processing integrity, confidentiality, and privacy.
Types of SOC 2 Audits
There are two types of SOC 2 audits:
Type I: The report describes a vendor’s systems and whether their design is suitable to meet relevant trust principles.
Type II: The report details the operational effectiveness of those systems and includes a historical element that shows how controls were managed by a business over a minimum period of six months.
As of May 2021, Playment is SOC 2 Type I compliant and we are continuing our efforts to be fully accredited with a Type II certification.
What does SOC 2 compliance cover?
The five trust principles included under SOC 2 are as follows:
This principle is focused on the protection of data from unauthorised access that may lead to theft, misuse, unauthorised changes, removal, or disclosure of data. The security system to prevent such breaches include firewalls, two-factor authentication, and intrusion detection.
This principle refers to the accessibility of the system, products, or services as stipulated in the Service Level Agreement [SLA]. Sometimes, security protocols may interfere with the availability of the system, products, or services. It is important to monitor network availability/performance, have disaster recovery protocols, and site failover to ensure the stipulations are duly met.
This principle relates to how the data system achieves its goals i.e. data processing and production as intended and promised. Quality assurance processes and monitoring data processing closely to ensure accuracy, prompt and timely delivery, helps safeguard the processing integrity for customers.
This principle outlines the confidentiality of data like internal company information, business information, price lists, intellectual property, confidential client data, etc. Confidentiality of data can be protected via encryption during transmission, application, and network firewalls, strict internal and external access controls.
This principle pertains to personal client information that the data system uses, collects, retains, discloses, and/or disposes of. This data could include personally identifiable information (PII) such as client names, addresses, and social security numbers. Information related to race, sexual orientation, health, religion, and other data also requires extra security measures. SOC 2 mandates strict access controls should apply to this information.
Why SOC 2 compliance is important?
While SOC 2 compliance isn’t a mandate, we believe that its role in building our customers’ trust cannot be understated. We want our customers to know that we handle their data according to the highest industry standards.
Meeting SOC 2 compliance means establishing processes and practices that guarantee oversight across a company, guaranteeing customers that their data is protected from any unusual, unauthorised, or suspicious activity.
We understand that our customers are developing ML models on their proprietary data or even their customer's data and so we take the trust of our customers and the security of their data very seriously. The SOC 2 certificate is a testament to our data security commitment.
Customer trust and data security are at the centre of everything we do at Playment.
From initial NDAs for pilots to secure data transfers and other security protocols during the course of our engagement, security is built into every part of the platform and processes that involve our customers.
Playment is committed to ensuring the highest standards of data security by:
- Having a dedicated security team to oversee all security aspects of Playment
- Acquiring external 3rd-party certifications for improved security policies
- Following security-related industry standards and best practices
- Deploying the best security technology to safeguard against security threats
More than 200+ ML teams trust Playment
Our commitment to enterprise-grade security is one reason why leading ML teams such as Samsung, Daimler, Nuro, Intel, and many more rely on Playment to accelerate the development of their AI applications.
We’ve been long-committed and will continue to uphold the highest data security standards in the times to come.
Have more questions?
If you’re looking to engage with Playment and require more clarifications, hit us up at firstname.lastname@example.org