Cognite doesn't store any GDPR-sensitive information in Cognite Data Fusion. If the customer chooses to store GDPR-sensitive personal data in Cognite Data Fusion, then Cognite Data Fusion provides the needed mechanisms for the customer to comply with GDPR. The customer can label the data which is GDPR-sensitive and retrieve this data upon request.
The Cognite Quality Management system (QMS) is certified according to ISO 9001:2015.
The Cognite Information Security Management system is certified according to ISO 27001. All controls of Annex A in ISO 27001:2013/2017 are included in Cognite's Statement of Applicability. Statement of Applicability is available upon request and under NDA.
Cognite holds a SOC 2® type 2 attestation from a 3rd party independent auditor.
SOC 2® - SOC for Service Organizations is developed by the American Institute of Certified Public Accountants (AICPA) and focuses on Trust Services Criteria.