Talent Intelligence Platform Security & Compliance

Protecting information is really about protecting people. We take that seriously.

How Do We View Security?

At retrain.ai, we take security seriously. Our experienced team of security practitioners works across disciplines to secure our SDLC (shifting left).

We frequently conduct security assurance for our entire organization, ensuring that every employee thinks about data privacy and security as regularly and seriously as any other daily task.

On a daily basis, we scan our environments for vulnerabilities and are alerted to any potential threats.

Compliance

SOC 2 Type 2

retrain.ai’s SOC 2 (Type 2) controls are assessed by EY (Ernst & Young Global Limited), which validates our controls based on the security, privacy, availability, and confidentiality trust services criteria.

ISO 27001

retrain.ai’s Information Security Management System meets the requirements of ISO 27001 and 27002 international standards.

ISO 27018

retrain.ai meets the requirements of ISO 27018 regarding our protection of personally identifiable information (PII) in the cloud.

GDPR

retrain.ai complies with, and supports compliance with, data protection laws and regulations such as the EU General Data Protection Regulation.

CCPA

retrain.ai complies with the California Consumer Privacy Act (CCPA).

Meet Our CTO, Avi Simon

“Information security in a global world must be at the forefront of every business, from company strategy to the last of the processes. Information security and cyber awareness are critical to maintaining a safe business while mitigating theft and damage. Considerations include sensitive data, personally identifiable information (PII), personal information, intellectual property (IP), data, and governmental and industry information systems.”

DPO - Data Protection Officer

To communicate with our Data Protection Officer, please email privacy@retrain.ai 

retrain.ai strongly believes that your data privacy comes first. As such, retrain.ai takes all measures to protect your company's and employees’ personal data. We strictly limit the collection and processing of your personal data. We do not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us, and we restrict internal access to it.

How do we approach security?

We have adopted a People, Process, and Technology (PPT) framework.

How do we leverage it?

The PPT framework provides complete control and visibility to high-performance development teams so that they can streamline the development process. Combining these three elements helps us build strong, secure, and fast.

SDLC security

The retrain.ai Software Development Lifecycle is designed with precautions to reduce security risks during code development while delivering software functionality.

Feature requests, bugs, and code enhancements are triaged and processed for threat modeling and risk analysis. Developed code is peer- and security-reviewed before final commit and quality assurance validation.

Via the “shift-left” approach, our process guarantees application security at the earliest stages in the development lifecycle.

From day one, developed code must have unit test code developed for test release. retrain.ai’s development teams perform automated E2E, regression, and UI testing, as well as performance and web application penetration testing.

Security by design

It is in retrain.ai’s DNA, and it is our strategy from the beginning of the software design lifecycle, to think about the security and privacy of the software. We adopt this approach to prevent vulnerabilities affecting data integrity, privacy, availability, and confidentiality.

Awareness training

All retrain.ai employees and contractors attend mandatory Information Security Training during the on-boarding process, as well as annual training thereafter.