Team Security Practices Overview
Private AI builds software in a security conscious manner. This page will give some insight into the processes and measures the engineering team engages in.
Application Security best practices
Private AI follows security best practices and engages in development processes including regular vulnerability assessments at the code, application and container levels and remediates them according to the SLAs below.
If you have any questions about our processes, feel free to reach out to the team!
Container building
The Private AI container is built on an even slimmer slim image to minimize unnecessary dependencies which reduces the container size as well as exposure to dependency vulnerabilities.
SLA for security patches
Private AI addresses security issues within the following SLA: Based on the CVSS v3.0 rating system
- Critical: Within 48 hours of CVE publication and resolution availability
- High: Within 2 weeks of CVE publication and resolution availability
- Medium and under: Within 1 month of CVE publication and resolution availability
SOC 2, ISO 27001 and other certifications
Is Private AI certified?
Private AI is ISO 27001 certified and is working towards SOC 2 certification. You can find out more at the Private AI Trust Center.
Is Private AI SOC 2 / ISO 27001 compliant?
Yes! Using our scale product, Private AI is SOC 2 and ISO 27001 compliant because we deploy on-prem and we don't retain any data processed.