This page describes key resources and answers about Globant Enterprise AI's security, privacy, and compliance.
Globant Enterprise AI operates under Globant's corporate security and compliance framework, which is continuously validated through external audits and certifications.
The main standards we support include:
- ISO/IEC 27001: Corporate and project-level certified information security management system.
- SOC 2 Type II: Certified at the enterprise level, with full product-level SOC 2 Type II certification for our SaaS environment.
- GDPR and CCPA: Design aligned with international privacy regulations.
Regular security reviews, privacy impact assessments, and annual external penetration tests are conducted to ensure ongoing protection and compliance.
The protection of our clients' data is at the core of our architecture. We apply end-to-end security measures throughout the information lifecycle:
- Encryption: AES-256 at rest and TLS 1.2+ in transit.
- Zero data retention: Client data and results are not stored or used to train models.
- Data ownership: The client retains full ownership of their data and generated outputs.
- Secure deletion: Data is irreversibly deleted upon contract termination, following international best practices.
Globant Enterprise AI (GEAI) integrates with the client's corporate identity systems to ensure secure and controlled access:
- Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
- Role-Based Access Control (RBAC) under the principle of least privilege.
- Regular reviews of permissions and access.