Enterprise-Grade Data Security
At 7.ai, we understand that ensuring data security, privacy, and regulatory compliance is critical to our customers and to our success.
Security is a top concern for every company we do business with, and it is also a top priority for 7.ai. We protect your data as if it were our own, with an emphasis on people, process, and technology.
We hire only the best security experts with industry knowledge and experience, and our teams are industry certified across multiple disciplines. We are strategically placed to ensure global coverage with hands-on expertise in every region of the world.
7.ai incorporates security into our daily processes. We are aligned to ISO standards using repeatable and documented processes that are audited annually by a third party. Our processes also include quality assurance, separation of duties, oversight, and governance best practices.
7.ai uses state-of-the-art technology to monitor, detect, and respond to security events. We have aligned to the National Institute of Standards and Technology (NIST) and have taken a layered security approach with no single points of failure.
- Data – We protect data using strong ciphers that align with NIST for both data at rest and in transit. Additional controls are leveraged for regulated and sensitive data.
- Technology – Software and hardware are maintained as prescribed by NIST. 7.ai uses industry-leading platforms to ensure the highest level of security.
- Monitoring – Activities, technology, data, and people managing the platform are monitored by our support groups 365 days a year.
- Reporting – 7.ai regularly reports to clients on the efficacy of our platforms.
7.ai maintains compliance certifications with several regulated industries so we can support our regulated clients and those they serve. These certifications are validated annually with independent auditors who provide 7.ai attestation reports on letterhead.
7.ai maintains compliance with the Payment Card Industry Data Security Standard (PCI-DSS) for both our platform products and our business process outsourcing (BPO) sites. These compliance certifications are issued by a Qualified Security Assessor and shared with our customers’ risk management departments.
SOC 2 Type 2
7.ai maintains an SOC 2 Type 2 certification, which ensures we have met the criteria for managing customer data based on five “trust service principles”:
This certification is unique to our control effectiveness and demonstrates our ability to provide services as prescribed by the American Institute of CPAs (AICPA).
Additionally, 7.ai aligns to many other regulations and can demonstrate compliance based on customer needs.
Auditing is a key pillar of good governance, providing an independent assessment to leaders, boards, and customers as it relates to a risk and control environment. 7.ai leverages both internal and external auditors to accomplish this, using seasoned professionals and industry-recognized firms. The results of these reports help mitigate risk and drive action. 7.ai audit functions round out our three lines of defense model and build on combined assurance.
This team focuses on internal risks and controls across all departments. Reports are shared directly with business leaders, executives, and our Board of Directors. Results are tracked to completion and re-tested to ensure risks are appropriately managed.
7.ai uses industry-known external auditors for areas of specialization. These audits focus on specific areas deemed critical for the company.
7.ai works with our customers to satisfy their vendor oversight requirements. We provide our compliance reports as needed and will address audit needs not covered by these reports as agreed upon. Our ability to work closely with regulated companies and provide necessary data to ensure compliance is the key to success.
Protecting our customers’ privacy by focusing on key data privacy principles is critical. 7.ai adheres to the General Data Protection Regulation (GDPR) and can act as both a controller and a processor depending on our agreed-upon relationship with our customers.
The controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
The processor is the entity (which can be a natural or legal person, public authority, agency, or other body) that processes personal data on behalf of the controller under the controller’s instructions. 7.ai will assist our controllers to fulfill requests to stay compliant with GDPR.
Data Protection Officer
7.ai has appointed a DPO and adheres to GDPR notification and compliance mandates.