Appen Compliance and Certifications



When your goal is to launch world-class AI, our reliable training data gives you the confidence to deploy



Companies are increasingly relying on third-party platforms for their critical data annotation needs to improve the accuracy of their machine learning models, increase efficiencies within their business processes, and launch their AI initiatives. This reliance requires greater trust in, and transparency into, platform providers' operations, procedures, and processes.





Designed with security in mind to ensure your data stays safe and secure


At Appen, we are committed to ensuring we deliver the highest standards of security for our customers and are proud to be compliant and accredited with a range of standards and certifications. In scenarios with confidential customer information such as Personally Identifiable Information (PII), Protected Health Information (PHI), financial data, or government records, it is critical to work with the right partner to ensure you have the proper tools and resources to work with sensitive data. With over 20 years' experience working with leading global companies and over 7,500 AI projects scoped and deployed to date, you can be sure Appen will give you the confidence to deploy world-class AI.




Appen is proud to offer our customers the highest-level security in accordance with the following standards:

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is an EU regulation that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area (EEA). Because the regulation applies regardless of where companies are based, it must be heeded by all companies that attract European visitors, which broadens its applicability and has made it a global standard.

Our security policies and processes, which include data protection, network security, incident response and risk assessment, have been thoroughly evaluated for GDPR compliance. In addition, our technology has been reviewed to ensure support for a comprehensive security program including account management, change management, logging, and backup.

We adhere to GDPR principles as they apply to the 1 million+ contributors who make up our crowd offering. Any information collected about the contributors is processed in compliance with these principles. We take precautions to protect that information and do not release personal data on individuals in ways that are contrary to data privacy laws.


SOC 2 Type II Attestation

SOC 2 attestation is a widely recognized gold standard for data security and conforms to the American Institute of Certified Public Accountants (AICPA) standard. It requires companies to establish and follow strict information security policies and procedures.

Our SOC 2 Type II attestation means that an independent third party has validated our security policies, procedures, and controls. SOC 2 Type II audits are the most rigorous process and the reports are the most comprehensive certification. Along with the added rigor that SOC 2 requires, our SOC 2 Type II certification means that you, as well as your customers, can be at ease as your data annotation tasks are managed by a secure, SOC 2 compliant platform and vendor.

Our SOC 2 Type II attestation is a testament to our commitment to enterprise-grade security, privacy, availability, and performance. Going forward, we will perform a SOC 2 examination on an annual basis in order to demonstrate our ongoing commitment to safeguarding your data and improving our security best practices.


HIPAA

The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides standards for handling an individual’s health information and legally enforces keeping that information private and secure.

We are proud to offer a HIPAA compliant solution. This enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure Appen HIPAA environment and HIPAA compliant channel partners to process protected health information.

Our HIPAA compliant solution allows more and more healthcare industries to explore the possibilities and potential of using AI to improve current healthcare practices, while still preserving and protecting patient confidentiality - and we’re excited to be a part of these new initiatives.


ISO 27001

ISO 27001:2013 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

We provide a suite of secure service offerings including secure facilities that are ISO 27001:2013 accredited around the globe. These offerings provide flexible options to ensure customers meet their data security and specific business needs.

  • United Kingdom - Our secure facilities and transcription operations are ISO 9001 and ISO 27001 certified so you can rest assured your data will remain protected and quality controlled. We also hold the Cyber Essentials certification as an additional independent assurance that we have the appropriate levels of protection in place when working with secure data.
  • Philippines - Our Cavite PH secure facilities and transcription operations are ISO 27001:2013 certified and Data Privacy Act 2012 compliant so you can be assured your data will remain protected and quality controlled. The Cavite facility is Philippine Economic Zone Authority (PEZA) certified.
  • China - Our Wuxi CH facility is also ISO 27001 certified and ensures it has the required security controls in place to secure clients' data.

In addition, we offer an ISO 27001:2013 accredited Secure Workspaces remote service that ensures the highest levels of security for your data annotation projects while leveraging a global crowd to enable secure remote work. Whether in a facility or working remotely, our Secure Workspace Solution supports critical business continuity during any type of business disruption – from pandemic to natural disaster. Our global crowd can work on your sensitive projects remotely, without having to access a physical secured facility.