Safeguard Customer Data, Ensure Compliance, and Build Trust With Industry-Hardened GenAI Security
Squirro AG has engaged A-LIGN Compliance and Security, Inc. as an independent auditor to conduct a SOC 2 Type I and Type II assessment under the Security criteria of the AICPA Trust Services Criteria. The organization is actively working towards obtaining the SOC 2 report, demonstrating the effectiveness of its security controls in protecting customer data and ensuring a robust information security posture.
As part of this effort, Squirro AG is implementing and refining its security controls to align with SOC 2 requirements. The company is currently preparing for the Type I assessment, which evaluates the design of controls at a specific point in time, followed by the Type II assessment, which assesses the operational effectiveness of controls over a defined period. This initiative reflects Squirro AG's commitment to maintaining high security standards and strengthening trust with customers and stakeholders.
At Squirro AG, we are committed to ensuring compliance with the General Data Protection Regulation (GDPR) by implementing strict data protection measures and maintaining transparency in our data processing practices. As a data processor and controller, we safeguard personal data through ISO 27001-certified security controls, encryption, and access restrictions.
We provide data subject rights under GDPR, including access, rectification, erasure, restriction, and portability. Users can request to review, modify, or delete their personal data in accordance with legal and regulatory obligations. Our Data Protection Officer (DPO) oversees compliance, ensuring adherence to privacy principles such as data minimization, purpose limitation, and security by design.
For international data transfers, we apply EU-approved Standard Contractual Clauses (SCCs) or ensure that adequate safeguards are in place. We conduct regular data protection impact assessments (DPIAs) and uphold privacy by default across our services.
For GDPR inquiries or data requests, users may contact our DPO.
Squirro encrypts data in transit (SSL/TLS protocols, TLS 1.2 or higher) and at rest (AES-256 encryption) to ensure the confidentiality and integrity of sensitive data.
We use Drata to automate 24/7 compliance checks and get real-time alerts on any control drift to identify and address AI security risks. Our Trust Portal shows the live security status of all controls, policies and certificates.
AI Guardrails
By integrating customizable AI Guardrails, the platform ensures AI responses are precise, compliant, and aligned with enterprise policies, thereby bolstering safety and reducing legal and operational liabilities.
Secure Deployment
Squirro offers various deployment options to meet industry-specific security requirements, including fully on-premises, virtual private cloud, multi-cloud, and hybrid deployments.
Access Control
Squirro uses query templates for ACL-based access control, filtering user queries based on data retrieved from the login authority (e.g., Active Directory) to ensure that information is only visible to authorized users.
Secure Authentication
The Squirro platform supports SSO via any identity provider that supports SAMLv2 and offers a pluggable framework for custom integrations, giving IT teams full control over the authentication and authorization process.
Incident Detection
Squirro has processes in place for managing and resolving emerging AI security threats, technical incidents, and service disruptions, including incident detection systems for rapid identification and response to potential security breaches.
Network Segregation
Squirro can enhance AI data security by enabling network segregation for sensitive data using various methods, including dedicated private cloud accounts, virtual private clouds, and subnets.
Indexing Control
Squirro enforces granular permissions, ensuring sensitive data is only accessed by authorized users and reducing security risks in Generative AI applications in alignment with your organization's AI security policy.
Privacy Layer
The privacy layer safeguards sensitive data across all interactions, preventing personally identifiable information (PII), which can be used to identify an individual, from being exposed by generative AI solutions.
Audit Logs
Squirro's comprehensive audit logs provide an immutable record of all activity, crucial for revealing suspicious behavior, aiding incident response, and ensuring robust compliance and seamless auditability.
Transparent Incident Reporting
Squirro transparently reports security incidents to ensure minimal disruptions to customer activity and maintain customer trust.
Squirro ensures your data's security within generative AI applications with comprehensive ISO 27001-certified security management. We encrypt data in transit using SSL/TLS protocols (TLS 1.2 or higher) and data at rest with AES-256 encryption to guarantee confidentiality and integrity. The Squirro Enterprise GenAI Platform robustly enforces Access Control Lists (ACL) and other controls to protect sensitive corporate and customer information across our GenAI applications.
Squirro supports stringent compliance by offering flexible deployment options (on-premises/private cloud) for data residency and agnostic LLM integration, giving you full control. Coupled with granular access controls, robust audit logging, and encryption, Squirro addresses AI security concerns by ensuring transparent and secure data management, meeting regulations like GDPR and CCPA.
Squirro empowers organizations with granular control over data access through robust Access Control List (ACL) enforcement and role-based access controls (RBAC), allowing you to define precisely who can access specific datasets, features, or GenAI outputs. This enhances GenAI data privacy by ensuring that sensitive information is only retrievable and usable by authorized personnel, aligning with your internal security policies.
Yes, Squirro has passed security assessments by the EPCO in the EU, allowing procurement by institutions in this key market.
Yes, our platform is subject to regular penetration tests by cacilian.com, a renowned third-party provider, to identify AI security vulnerabilities and preempt generative AI security risks.