11/02/2022
Kumo is SOC 2 compliant
Independent audit verifies Kumo’s internal controls and processes
Kumo is proud to announce that we are now SOC 2 Type 1 certified and compliant, and SOC 2 Type 2 is in progress. This certification is a publicly visible milestone that demonstrates our core commitment to keeping your data secure. We expect to make additional announcements about our security certification efforts over the coming months. Beyond third-party attestations, Kumo is built from the ground up with data security and governance in mind.
“Here at Kumo, we have always taken a proactive approach to our security posture and governance. We see the SOC 2 certification as an affirmation of our commitment to our customers and to a security-oriented development and operations process,” said Vanja Josifovski, CEO and Co-founder of Kumo. “Kumo is pleased to demonstrate its commitment to security by achieving SOC 2 Type I certification, and the reassurances that such a trusted standard brings with it.”
Kumo Platform
The Kumo platform enables enterprises to leverage state-of-the-art predictive analytics to query the future. Kumo amplifies the data scientist, making it possible to immediately tackle many prediction problems by setting up a single data connection to a source of data. Kumo abstracts away and automates the entire process of feature preparation, label engineering, model optimization, and ML Ops, making it easy for the analyst to leverage the capabilities of an entire data and ML team instantly using a simple interface out of the box.
Kumo is built on top of PyTorch Geometric, one of the leading OSS libraries for building and managing Graph Neural Networks (MIT License).
Why is SOC 2 so important?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy. With that, SOC 2 is the standard for security compliance for SaaS applications that handle customer data.
With the completion of our SOC 2 Type 1 audit, our customers and users are assured there has been an independent and full review of Kumo’s security and privacy practices. Users also have the assurance that security controls are being implemented and practiced throughout Kumo on an ongoing basis. SOC 2 instills best practices from the start, but those practices must be continued and expanded.
The SOC 2 audit reports focus on a service organization’s non-financial reporting controls as they relate to the security, availability, processing integrity, and confidentiality of a system. The SOC 2 attestation audit report verifies the suitability of the design of Kumo’s controls to meet the standards for these criteria.
What’s next for Kumo’s security efforts
We continue to progress and enhance organizational controls and regularly review the security status within our organization, as well as third-party vendors and SaaS tools. We’ll continue to conduct security penetration testing, schedule security incident training for employees, and review and fix security vulnerabilities in software dependencies.
In the next few months, we’ll pursue the next SOC 2 attestation, known as SOC 2 Type 2, and ISO 27001. And because we serve customers across a variety of industries, including retail, automotive, internet, and software, we plan to consider additional security standards as needed.
We understand compliance is an ongoing journey and a collaborative effort, and we will continue to design our organization and technology to adhere to the most advanced security requirements.
Resources
Kumo has implemented Vanta as a continuous security and compliance monitoring platform. It provides a real-time view of our security controls and performs daily automated checks on our cloud infrastructure and internal business tools. To view this report, including our Data Processing Agreement (DPA), or for questions about our security architecture, contact us at security@kumo.ai.