Governance

Monterey AI establishes policies and controls, monitors compliance with those controls, and proves the security and compliacne to third-party auditors.

Employees are trained on security best-practices, are required to review, understand, and accept policies, and are granted the minimal access possible to data and applications required to perform their job duties.

Compliance Standards

Monterey AI is SOC 2 Type II compliant. Contact support@monterey.ai to request our latest report.

Data Security

  • Data is encrypted at rest and in-transit.
  • Data is backed-up regularly and stored long-term for recovery purposes.

Product Security

  • Penetration testing is performed annually by a third-party firm, covering all cloud infrastructure and application code.
  • Vulnerability scanning is performed continuously, and vulnerabilities are remediated per the following SLAs:
    • Critical: 14 days
    • High: 30 days
    • Medium: 60 days
    • Low: 90 days
  • Security training is provided to all employees annually.