Compliance & Security Standards

We360.ai compliance — GDPR, HIPAA, SOC2 standards, encryption, SLA/SLO, and employee monitoring data security.

Detailed documentation on the compliance certifications, security architecture, and operational standards that govern the We360.ai platform.

SOC 2 Compliance

We360.ai has achieved full SOC 2 Type 1 and Type 2 compliance, reinforcing our dedication to maintaining the highest standards of security and operational excellence.

What is SOC 2 Compliance?

SOC 2 compliance, established by the American Institute of Certified Public Accountants (AICPA), involves a thorough audit that evaluates an organization's systems and controls for processing customer data. It focuses on security, availability, processing integrity, confidentiality, and privacy of the system.

SOC 2 Type 1 vs. Type 2:

  • Type 1 -- Assesses the design of security processes at a specific point in time.

  • Type 2 -- Examines the operational effectiveness of these processes over a period, typically six months to a year.

We360.ai has been awarded both SOC 2 Type 1 and Type 2 compliance.

Trust Service Principles

SOC 2 compliance is based on five Trust Service Principles:

  • Security -- Protecting system resources against unauthorized access.

  • Availability -- Ensuring system availability as committed or agreed.

  • Processing Integrity -- System processing is complete, valid, accurate, timely, and authorized.

  • Confidentiality -- Information designated as confidential is protected as such.

  • Privacy -- Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the privacy notice.

Maintaining Compliance

To maintain SOC 2 compliance, We360.ai:

  • Regularly reviews and updates security policies and procedures.

  • Conducts ongoing training for staff to ensure compliance with these policies.

  • Engages in continuous monitoring and auditing of security systems and processes.

  • Undergoes annual audits to renew SOC 2 compliance.

Clients interested in reviewing the SOC 2 report can contact the We360.ai team for detailed information and access.

Additional Standards

GDPR Readiness

We360.ai's data handling practices align with the General Data Protection Regulation (GDPR), ensuring lawful processing, data minimization, and support for data subject rights for individuals within the European Union.

HIPAA Considerations

For organizations handling protected health information, We360.ai's encryption, access controls, and audit logging capabilities support HIPAA compliance requirements.

Data Encryption

  • In Transit -- All data transmitted between the agent and We360.ai servers is encrypted using TLS.

  • At Rest -- All stored data is encrypted using industry-standard encryption on Google Cloud Platform (GCP) infrastructure.

Infrastructure and Hosting

We360.ai leverages the security protocols of Google Cloud Platform (GCP) for data infrastructure, providing robust protection and high availability.
