ISO 27001 is a globally recognized standard that sets out the requirements for an information security management system (ISMS). The certification shows that Laser AI has a robust framework of policies, procedures, and controls in place to protect sensitive information from unauthorized access, disclosure, or compromise. To receive its ISO 27001 certification, Laser was rigorously assessed by an independent certification body.
Laser AI’s ISO 27001 certification covers all aspects of its operations, including software development, technical support, and hosting services. This comprehensive approach ensures that our systems and processes are designed to identify, manage, and mitigate any risks to the confidentiality, integrity, and availability of our clients' information.
To maintain the ISO 27001 certification, Laser AI will undergo regular audits by an external certification body to ensure ongoing compliance with the standard. These audits ensure that we continually improve our information security management system and adapt to emerging risks and technological advancements.
This certification not only reinforces Laser AI's dedication to information security but also establishes us as a trusted partner for organizations in various industries, including healthcare, research, and government. Clients and partners can confidently rely on our software knowing that their sensitive information is protected by internationally recognized security standards.
This certification is a testament to our multi-year efforts and substantial investments in security and compliance, ensuring that Laser AI is the most secure option for systematic reviews.
The SOC-2 Type 2 certification is an audit that’s independently conducted by a certified public accounting firm. They assess a company's internal controls, security measures, and overall organizational compliance with the Trust Service Criteria of the AICPA (American Institute of Certified Public Accountants). The certification shows that Laser AI's security protocols meet and exceed industry standards, providing clients with the confidence that their sensitive data is protected.
This latest achievement adds to our impressive portfolio of security certifications. Laser AI is the only product in the systematic review automation space to have earned the prestigious ISO 27001 certification, FedRAMP LI-SaaS authorization, and now the SOC-2 Type 2 certification. The combination of these certifications sets Laser AI apart from our competitors and underscores our commitment to data security and privacy.
Our FedRAMP certification means that Laser AI can now be integrated securely and efficiently into federal customers’ workflows to accelerate their research.
Laser AI is a cloud-based software platform that uses advanced machine learning techniques to automate and streamline the management of large volumes of scientific data. It speeds up the process, decreases the costs, and improves the quality of literature reviews by allowing overworked human specialists to focus on the essential elements and offload repetitive tasks to the AI-enabled system. Laser AI’s security-by-design approach includes a secure cloud-native platform built using modern DevSecOps technologies, such as Kubernetes.
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It helps the government rapidly adapt from old, insecure legacy IT to secure, easy-to-deploy and cost-effective cloud-based solutions.
Our company's compliance is constantly monitored and frequently audited by a competent third party. For a detailed compliance status please view this link.
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Customer ("Controller") and Laser AI ("Processor") regarding the use of Laser AI services.
Effective Date: Jan 1, 2024
Applicability: This DPA applies to all customers of Laser AI services provided by Evidence Prime.
This DPA applies to the Processing of Personal Data by the Processor in connection with providing Laser AI services, including:
Types of Personal Data processed:
3.1 The Processor shall:
The Processor uses the following categories of Sub-processors:
a) Platform as a Service (PaaS) hosting:
b) Backup services:
c) NLP model providers:
d) Email services:
e) Monitoring and logging:
The Controller authorizes the Processor to engage Sub-processors, provided that:
5.1 The Processor implements appropriate technical and organizational measures to ensure security appropriate to the risk, including:
6.1 Any transfer of Personal Data outside the EU/EEA shall be subject to appropriate safeguards as required by applicable data protection law.
7.1 The Controller has the right to audit the Processor's compliance with this DPA, provided reasonable notice is given.
8.1 This DPA shall remain in effect for the duration of the Processing of Personal Data by the Processor.
9.1 This DPA shall be governed by the laws applicable to the Terms of Service.
For any questions regarding this DPA, please contact privacy@laser.ai