# Compliance & Security Standards

Detailed documentation on the compliance certifications, security architecture, and operational standards that govern the We360.ai platform.

## SOC 2 Compliance

We360.ai has achieved full SOC 2 Type 1 and Type 2 compliance, reinforcing our dedication to maintaining the highest standards of security and operational excellence.

<details>

<summary>What is SOC 2 Compliance?</summary>

SOC 2 compliance, established by the American Institute of Certified Public Accountants (AICPA), involves a thorough audit that evaluates an organization's systems and controls for processing customer data. It focuses on security, availability, processing integrity, confidentiality, and privacy of the system.

**SOC 2 Type 1 vs. Type 2:**

* **Type 1** -- Assesses the design of security processes at a specific point in time.
* **Type 2** -- Examines the operational effectiveness of these processes over a period, typically six months to a year.

We360.ai has been awarded both SOC 2 Type 1 and Type 2 compliance.

</details>

### Trust Service Principles

SOC 2 compliance is based on five Trust Service Principles:

| Principle                | Description                                                                                                                           |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
| **Security**             | Protecting system resources against unauthorized access.                                                                              |
| **Availability**         | Ensuring system availability as committed or agreed.                                                                                  |
| **Processing Integrity** | System processing is complete, valid, accurate, timely, and authorized.                                                               |
| **Confidentiality**      | Information designated as confidential is protected as such.                                                                          |
| **Privacy**              | Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the privacy notice. |

### Maintaining Compliance

To maintain SOC 2 compliance, We360.ai:

* Regularly reviews and updates security policies and procedures.
* Conducts ongoing training for staff to ensure compliance with these policies.
* Engages in continuous monitoring and auditing of security systems and processes.
* Undergoes annual audits to renew SOC 2 compliance.

Clients interested in reviewing the SOC 2 report can contact the We360.ai team for detailed information and access.

## Additional Standards

<details>

<summary>GDPR Readiness</summary>

We360.ai's data handling practices align with the General Data Protection Regulation (GDPR), ensuring lawful processing, data minimization, and support for data subject rights for individuals within the European Union.

</details>

<details>

<summary>HIPAA Considerations</summary>

For organizations handling protected health information, We360.ai's encryption, access controls, and audit logging capabilities support HIPAA compliance requirements.

</details>

<details>

<summary>Data Encryption</summary>

* **In Transit** -- All data transmitted between the agent and We360.ai servers is encrypted using TLS.
* **At Rest** -- All stored data is encrypted using industry-standard encryption on Google Cloud Platform (GCP) infrastructure.

</details>

<details>

<summary>Infrastructure and Hosting</summary>

We360.ai leverages the security protocols of Google Cloud Platform (GCP) for data infrastructure, providing robust protection and high availability.

</details>


