Security at OctoML
Your data security and privacy is a top priority for OctoML. We continually invest in security capabilities and practices in our platform and processes.We received SOC2 Type I certification in late 2022 and are underway for SOC 2 Type II. The below is a partial list of security measures we take to ensure our platform and data are secure.
If you have questions about using OctoML and meeting your specific compliance needs, let's setup a time to talk.

Product Security
Authentication
OctoML uses third party authentication from Frontegg. We do not store any passwords.
Physical Security
OctoML production data is processed and stored within tier one cloud providers and commercial data-centers.
System Security
All OctoML servers and databases are protected by firewalls and secure system settings. All of our production servers run Linux.
Storage
All persistent data is encrypted at rest.
Operational Security


Policies
OctoML has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.


Employee Training
Each OctoML employee is trained on security best practices and awareness during onboarding and continue with ongoing training programs. We perform disaster recovery and data restoration tests on an annual basis.


Change control
OctoML uses robust change control policies to balance control and speed when making changes to the system.


Backups and Recovery
OctoML takes regular backups of data and performs regular tests of restoring that data in the event of a serious incident.


Pentests
We engage third-party security experts to perform detailed penetration tests on the OctoML platform.