Security Policy
Our products are covered in our SOC 2 Type 2 report and have been evaluated by an independent third-party auditor to confirm that our controls align with industry standards for security and confidentiality. Request access to our SOC 2 Report below to learn more about our security controls and compliance activities.
Data Security
Data Backups
Deep Origin captures backups on a regular basis to ensure internal and customer data is protected from loss according to our Business Continuity and Disaster Recovery procedures. All backup materials are encrypted using AES-256.
Data Deletion / Data Retention
Deep Origin may securely retain API inputs and outputs for varying lengths of time to provide the services and to identify abuse.
Encryption-at-rest
All customer data is encrypted at-rest using AES-256.
Encryption-in-transit
All customer data is encrypted in-transit using TLS 1.2/1.3.
Physical Security
Physical security is managed by AWS.
Application Security
Code Analysis
Deep Origin utilizes peer review, automated testing, and static code analysis to proactively identify issues in our code and third party dependencies.
Credential Management
Deep Origin utilizes standard authentication and authorization mechanisms to securely salt, hash, and store all user credentials.
Secure Development Policy
Deep Origin's Secure Development Policy mandates peer review, automated testing, and static code analysis prior to deployment into production.
Vulnerability & Patch Management
Deep Origin adheres to a formal vulnerability management process.
Web Application Firewall
Deep Origin utilizes WAF services on all points of ingress to monitor web traffic, detect anomalies, and deploy rulesets.
Data Privacy
AI Governance
The company captures regular backups and encrypts backup materials using AES-256.
AI Risk Management
Deep Origin's teams are dedicated to developing a deep understanding of both known and potential unknown risks.
AI Security
Deep Origin's teams are dedicated to implementing system-level mitigations across our products.
AI Training Data and Bias
The organization recognizes the importance of addressing AI safety challenges in training data and potential biases.
Data Breach Notifications
In the event of a data breach involving customer data, notifications will be sent in accordance with the terms of our MSA.
Employee Privacy Training
Personnel perform security and privacy awareness training on an annual basis.
Access Control
Data Access
Deep Origin internal system access adheres to the principles of least privilege and separation of duties, and is subject to regular review by administrators.
Logging
The Deep Origin environment is subject to constant monitoring for anomalous activity. Logs are stored in our SIEM tooling.
Password Security
Deep Origin has a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO.
Infrastructure
AWS
The Deep Origin infrastructure is hosted on Amazon Web Services in multiple regions.
Business Continuity & Disaster Recovery
Deep Origin maintains a Business Continuity and Disaster Recovery plan, which is tested, reviewed and approved annually.
Infrastructure Security
Deep Origin employs infrastructure-as-code (IaC) techniques to securely deploy and manage resources.
Separate Production Environment
Production, staging, and development environments are maintained as distinct entities to safeguard operational integrity and data confidentiality.
Endpoint Security
Disk Encryption
Deep Origin mandates full-disk encryption for all employee endpoints.
Endpoint Detection & Response
All employee endpoints are protected with an advanced EDR solution.
Mobile Device Management
Deep Origin centrally manages and secures all employee endpoints through a Mobile Device Management (MDM) solution.
Threat Detection
The security team actively monitors for known attacker tactics, techniques, and procedures.
Network Security
Firewall
Deep Origin utilizes a combination of traditional firewalls, AWS (N)ACLs, and KubeArmor policy to secure the infrastructure end-to-end.
IDS
Network activity is logged to identify potential security threats.
Security Information and Event Management
Deep Origin prioritizes the secure and centralized storage of crucial infrastructure logs.
Corporate Security
Asset Management Practices
Deep Origin is committed to maintaining asset management practices that span both virtual and physical assets.
Employee Training
Deep Origin is committed to maintaining a high level of security and privacy awareness among its personnel through comprehensive annual training programs.
HR Security
All new Deep Origin employees undergo a thorough background check and sign a non-disclosure agreement upon joining.
Incident Response
Deep Origin maintains a documented Incident Response Plan.
Internal Assessment
Deep Origin engages in annual risk assessments.
Internal SSO
The company utilizes Single Sign-On technology for internal applications.
Penetration Testing
Deep Origin engages in third-party penetration testing annually and upon the release of new products.
Security Operations Center
Deep Origin operates an in-house Security Operations Center (SOC), managed by our security team.
Policies
The organization maintains numerous documented policies including:
- Acceptable Use Policy
- Access Control Policy
- Code of Conduct
- Cryptography Policy
- Data Management Policy
- Incident Response Policy
- Information Security Policy
- Operations Security Policy
- Risk Assessment/Management Policy
- Secure Development Policy
- Third Party Management Policy
- Vulnerability Management Policy
All policies are regularly reviewed and updated.