Appen Compliance and Certifications
When your goal is to launch world-class AI, our reliable training data gives you the confidence to deploy
Designed with security in mind to ensure your data stays safe and secure
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is an EU regulation that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area (EEA). Since the regulation applies regardless of where companies are based, it must be heeded by all companies that attract European visitors which broadens the applicability and thus has become a global standard.
Our security policies and processes, that include data protection, network security, incident response and risk assessment, have been thoroughly evaluated for GDPR compliance. In addition, our technology has been reviewed to ensure support for a comprehensive security program including account management, change management, logging, and backup.
We adhere to GDPR principles as it applies to our 1 million+ contributors that make up our crowd offering. Any information collected about the contributors is processed in compliance with these principles. We take precautions to protect that information and do not release personal data on individuals that are contrary to data privacy laws.
SOC 2 Type II Attestation
SOC2 attestation is a widely recognized gold standard for data security and conforms to the American Institute of Certified Public Accountants (AICPA) standard. It requires companies to establish and follow strict information security policies and procedures.
By achieving SOC2 Type II attestation, an independent third party has validated our security policies, procedures, and controls. SOC 2 Type II audits are the most rigorous process and the reports are the most comprehensive certification. Along with the added rigor that SOC 2 requires, our SOC 2 Type II certification means that you, as well as your customers, can be at ease as your data annotation tasks are managed by a secure, SOC 2 compliant platform and vendor.
Our SOC 2 Type II attestation is a testament to our commitment to enterprise-grade security, privacy, availability, and performance. Going forward, we will perform a SOC 2 examination on an annual basis in order to demonstrate our ongoing commitment to safeguarding your data and improving our security best practices.
The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides standards for handling an individual’s health information and legally enforces keeping that information private and secure.
We are proud to offer a HIPAA compliant solution. This enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure Appen HIPAA environment and HIPAA compliant channel partners to process protected health information.
Our HIPAA compliant solution allows more and more Healthcare industries to explore the possibilities and potential of using AI to improve current Healthcare practices, while still preserving and protecting patient confidentiality - and we’re excited to be a part of these new initiatives.
ISO 27001:2013 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
We provide a suite of secure service offerings including secure facilities that are ISO 27001:2013 accredited around the globe. These offerings provide flexible options to ensure customers meet their data security and specific business needs.
- United Kingdom - Our secure facilities and transcription operations are ISO 9001 and ISO 27001
certified so you can rest assured your data will remain protected and quality controlled. We also hold the Cyber Essentials certification as an additional independent assurance that we have the appropriate levels of protection in place when working with secure data.
- Philippines - Our Cavite PH secure facilities and transcription operations are ISO 27001:2013 certified and Data Privacy Act 2012 compliant so you can be assured your data will remain protected and quality controlled. The cavite facility is Philippine Economic Zone Authority (PEZA) certified.
- China - Our Wuxi CH facility is also ISO27001 certified and ensures it has the required security controls in place to secure the clients data.
In addition, we offer an IS0 27001:2013 accredited Secure Workspaces remote service that ensures the highest levels of security for your data annotation projects while leveraging a global crowd to enable secure remote work. Whether in facility or working remote, our Secure Workspace Solution supports critical business continuity during any type of business disruption – from pandemic to natural disaster. Our global crowd can work on your sensitive projects remotely, without having to access a physical secured facility.