C3 AI understands that the security, confidentiality, integrity, and availability of the C3 AI Platform and the C3 AI Applications are critical to customers. C3 AI implements a rigorous Cybersecurity Program to protect critical systems and information assets, constantly monitoring and improving applications, systems, and processes to meet the growing demands and challenges of security.​

Defense in depth

  • A multi-layered security approach that employs technical, physical, and administrative safeguards​
  • Least privilege and separation of duties access model
  • Transport layer encryption and encryption at rest​
  • Extensive logging and monitoring of system and application events​
  • Secure development process, vulnerability and penetration testing

Security Safeguards

Single Sign-On

Customer managed security features

The C3 AI Platform provides extensive self-service security features that enable customers to stay in control and have full transparency into their data at all times. These include:​

  • SAML-based SSO​
  • Multi-Factor Authentication​
  • Role/Attribute-based access control​
  • Virtual Private Clouds/Networks accessible over robust network infrastructure to provide secure and reliable systems

Compliance & certifications​

The C3 AI Cybersecurity Program has been developed to comply with some of the most rigorous legal and regulatory requirements of regulated industries.

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)​
  • SOC 2​
  • SOC 3​
  • NIST​
  • FISMA​
  • HIPAA​

Compliance & certifications​