メインコンテンツにスキップ

Trust Center

Amazing Products and Lasting Partnerships Are Built on Trust

Security, compliance, and privacy are key components of the Abnormal platform.

We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives. For additional documentation and certification proof, visit the Security Hub.

Certifications & Compliance

16+ frameworks. Audited annually. Independently verified.

ISO 27001
ISO 27701
ISO 42001
SOC 2 Type II
CSA STAR
FedRAMP Moderate
GovRAMP
TX-RAMP
CMMC
CJIS Compliant
GDPR Compliant
NIS2 Aligned
DORA Compliant
Cyber Essentials Plus
CCPA Compliant
PIPEDA Compliant

Security and Compliance

At Abnormal, we prioritize and invest in information security because the cyber threat landscape, and the security and compliance requirements for all companies, no matter where they operate, is more complicated and dynamic than ever. We also know that implementing strong information security controls makes good business sense — security builds trust, and trust builds great business.

Privacy

Like our customers, we value data protection and privacy. The privacy laws and frameworks around the world are advancing, adjusting, and expanding their collective reach, and that's why we take care to partner with our customers to address data protection compliance.

Resource

Abnormal AI Product Privacy Guide

What services does Abnormal AI provide? Download our product privacy guide for the full overview.

Download Now

Trust and Compliance at Abnormal AI

Security and Compliance

Information Security Program

We maintain an internal Information Security Program (ISP) that addresses our products and our general business practices. The ISP ensures a secure environment for our personnel, customers, systems, and the data we are entrusted to handle. Our ISP is designed to implement appropriate technical and organizational security measures covering our product environments and related company systems, covering key areas such as access controls; personnel training; physical security; network and cloud security; credential and key Management; and software development life cycle policies and practices. Abnormal AI documents our ISP controls, policies and standards, as well as, third-party audit reports in our Security Hub. Access is available under NDA by visiting security.abnormal.ai.

SOC 2 Compliance

Our ISP is audited on at least an annual cadence by a third-party auditor in connection with a SOC 2 audit. We maintain a SOC 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers on request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, confidentiality, and privacy.

ISO 27001 Certified

A-LIGN Security and Compliance, Inc. certifies that Abnormal AI, Inc. operates an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2022.

ISO 27701 Certified

A-LIGN Security and Compliance, Inc. certifies that Abnormal AI, Inc. operates a Privacy Information Management System (PIMS) that conforms to the requirements of ISO/IEC 27701:2019.

ISO 42001 Certified

A-LIGN Security and Compliance, Inc. certifies that Abnormal AI, Inc. operates an Artificial Intelligence Management System (AIMS) that conforms to the requirements of ISO/IEC 42001:2023.

Privacy

Compliance With Principles and Frameworks

We regularly engage with our customers to respond to and address their privacy-related questions and we work with our customers to execute a Data Protection Addendum (DPA) to our Master Service Agreement which governs the use of our product. The DPA reflects our data protection commitment in each customer relationship and ensures that we and our customers take steps to comply with applicable privacy rules and frameworks such as the General Data Protection Regulation (GDPR) in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK) as well as the California Consumer Privacy Act (CCPA).

International Personal Data Transfers

We take collaborative steps with our customers to ensure that personal data transfers made by using our product are conducted in accordance with applicable laws. A key component of this joint effort is handled by our DPA, which includes Standard Contractual Clauses (commonly referred to as “Model Clauses”) to demonstrate and satisfy legal compliance of personal data transfers from the EU, EEA, and UK to third countries such as the United States.

Subprocessors

We engage the following subprocessors to help provide our products to our customers.

View Subprocessors