Security


At Norm Ai, we prioritize the security of our systems and the data entrusted to us by our clients. This page describes some of the information security practices followed by Norm Ai and is to be used for informational purposes only.

SOC 2

Norm Ai is SOC 2 Type I and Type II certified. This helps ensure adherence to industry-standard controls and processes to securely manage and protect client data.

Penetration Testing

Norm Ai conducts an annual certified penetration test covering the Norm Ai application with a nationally recognized, independent, third-party penetration testing firm. This test is designed to proactively identify and address potential vulnerabilities in Norm Ai systems.

Software Development Life Cycle

Norm Ai adheres to a documented Software Development Life Cycle. This helps ensure that security best practices are integrated into every phase of the software development process.

Data Encryption

All client data is encrypted in transit and at rest. Norm Ai leverages SHA-256 for data at rest and TLS 1.2 for data in transit. These encryption protocols help ensure that client data remains secure while being transmitted and when stored within Norm Ai systems.

Employee Onboarding

Norm Ai conducts background checks on all employees and requires all employees to sign binding confidentiality agreements as part of our onboarding process. Norm Ai requires that all employees undergo information security training during their onboarding as well as on a periodic basis thereafter.

System Access

Norm Ai conducts quarterly access reviews for all employees. Norm Ai adheres to the principle of least access for all internal systems handling sensitive data.

Policies & Procedures

Norm Ai maintains a suite of policies and procedures outlining company practices regarding a range of critical items, including, but not limited to, an Employee Handbook and an Information Security Policy.

Devices

Norm Ai implements internal controls including Mobile Device Management and Audit Logging. All Norm Ai devices are centrally managed and secured with mobile device management software and anti-malware protection. These measures help monitor and manage access to Norm Ai systems.

Vendor Security

Norm Ai maintains a vendor risk management framework to facilitate the identification of potential risks from third-party vendors, as well as to help ensure that any high-risk vendors are adhering to adequate information security practices.