Compliance standards and assessments

Atlan adheres to various industry standards and regulations to ensure the security, privacy, and integrity of the platform. This entails conducting both external audits and internal assessments to continuously improve compliance standards.

The following is an overview of Atlan's key compliance certifications and internal assessment practices:

| Compliance | Description | Status | Frequency |
| --- | --- | --- | --- |
| ISO 27001 | The Information Security Management System (ISMS) standard ensures data confidentiality, integrity, and availability. | Certified | Annual |
| ISO 27701 | The Privacy Information Management System (PIMS) standard manages PII and ensures compliance with privacy regulations like GDPR and CCPA. | Certified | Annual |
| ISO/IEC 42001:2023 | The AI Management System (AIMS) standard provides a framework for responsible development and use of AI systems. Audited by Prescient Security. | Certified | Annual |
| SOC 2 Type II | The SOC (System and Organization Controls) 2 Type II report attests to the security, availability, confidentiality, and privacy controls for service organizations. | Certified | Annual |
| GDPR | The General Data Protection Regulation (GDPR) is an EU regulation that ensures the protection of personal data by enforcing strict privacy and security measures, along with giving individuals control over their data. Atlan adheres to GDPR through ongoing compliance, including breach notifications, data subject rights, and consent management. | Certified | Annual |
| EU-U.S. Data Privacy Framework | The Data Privacy Framework outlines policies and controls that govern how Atlan handles personal information to ensure data protection and compliance with privacy regulations like GDPR. | Compliant | Annual |
| EU AI Act | The EU AI Act establishes a risk-based regulatory framework for artificial intelligence systems operating in the EU. Atlan's ISO/IEC 42001:2023-certified AI Management System underpins alignment with these requirements. | Aligned | Ongoing |
| HIPAA | HIPAA, or the Health Insurance Portability and Accountability Act, safeguards protected health information (PHI). | Compliant | Annual |
| VAPT assessments | Annual third-party Vulnerability Assessment and Penetration Testing (VAPT) assessments help identify and mitigate potential vulnerabilities within the Atlan platform. | Ongoing | Annual |