Since the founding of the company, Cognitive3D has recognized its responsibility and commitment to protecting the data privacy of its clients.
Today, they are pleased to announce the completion of the SOC2 Type 1 audit and can provide all of their clients with peace of mind, knowing that their interests are fully protected.
The SOC 2 certification provides an external audit for Cognitive3D’s internal security practices to ensure that they are following enterprise standards for the security of their customer’s user data
What is SOC2?
SOC 2 is a certification issued by outside auditors to assess how compliant vendors are with one or more of the five trust principles based on the systems and processes in place.
- Security: The protection of system resources against unauthorized access.
- Availability: The minimum acceptable performance level for accessibility of the system, products or services as specified by the contract or SLA.
- Processing integrity: Data processing must be complete, valid, accurate, timely and authorized.
- Confidentiality: Data is considered confidential if its access and disclosure is restricted to a specified set of persons or organizations.
- Privacy: The system’s collection, use, retention, disclosure and disposal of personal information according to the standards set by the privacy police and AICPA. Controls must be put in place to protect all PII from unauthorized access
How Cognitive3D protects customer data
The Cognitive3D Spatial Analytics Platform records, measures, aggregates, and analyzes data from virtual reality (VR), augmented reality (AR) and mixed reality (MR) experiences. User data is collected from applications based on Unity Engine and Unreal Engine by installing an appropriate Software Development Kit (SDK), which transmits user session data to Cognitive3D’s cloud infrastructure.
Cognitive3D has established principal service commitments and system requirements, which are communicated via service agreements and consist of the following:
- Maintain commercially reasonable administrative, technical, organizational, and physical measures to protect the security of customer data against anticipated threats or hazard.
- Use standard secure encryption methods to protect customer data at rest and in transit.
- Maintain information security infrastructure and cloud infrastructure controls for content obtained, transported, and retained by Cognitive3D for provision of the Cognitive3D’s services.
- Maintain HR processes including security and privacy training.
- Disaster recovery plans are in place and tested at least once per year.
- Provide the service using shared cloud infrastructure based in the United States