Compliance and Security Standards

TextLayer Core is designed with security and compliance in mind, supporting organizations in meeting various regulatory requirements while delivering AI-powered capabilities. This page outlines the compliance standards supported by TextLayer Core and how it helps organizations meet these requirements.

SOC 2 Type II

SOC 2 Type II Compliant

Overview

System and Organization Controls (SOC) 2 Type II is an auditing standard developed by the American Institute of CPAs (AICPA) that evaluates an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

How TextLayer Core Helps

TextLayer Core supports SOC 2 Type II compliance through:
  • Comprehensive Audit Trails: All operations involving LLM queries, embedding generation, and tool executions are automatically logged and traced in Langfuse.
  • Access Controls: Role-based access control for all services and data stores.
  • Encryption: Data encryption both in transit and at rest.
  • Monitoring and Alerting: Real-time monitoring of system activities with configurable alerts for suspicious behaviors.
  • Disaster Recovery: Built-in capabilities for backup and recovery of critical data.

HIPAA

Overview

The Health Insurance Portability and Accountability Act (HIPAA) establishes standards for protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge.

How TextLayer Core Helps

TextLayer Core supports HIPAA compliance through:
  • PHI Protection: Configurable data handling to protect Protected Health Information (PHI).
  • Access Controls: Strict controls on who can access sensitive health information.
  • Audit Logging: Complete audit trails of all data access and modifications.
  • Secure Communications: Encrypted communication channels for all data transfers.
  • Business Associate Agreements: Support for required legal agreements.

ISO 27001

ISO 27001 Certified

Overview

ISO 27001 is an international standard for managing information security, providing a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS).

How TextLayer Core Helps

TextLayer Core supports ISO 27001 compliance through:
  • Risk Management: Structured approach to risk identification and mitigation.
  • Security Controls: Implementation of technical and organizational measures.
  • Continuous Monitoring: Ongoing assessment of security posture.
  • Incident Response: Predefined procedures for handling security breaches.
  • Documentation: Comprehensive documentation of security policies and procedures.

GDPR

Overview

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

How TextLayer Core Helps

TextLayer Core supports GDPR compliance through:
  • Data Minimization: Tools for limiting data collection to what’s necessary.
  • Data Subject Rights: Support for handling data access, rectification, and deletion requests.
  • Consent Management: Mechanisms for obtaining and managing user consent.
  • Data Processing Records: Automated logging of data processing activities.
  • Data Protection Impact Assessments: Tools for assessing privacy risks.

Additional Compliance Standards

TextLayer Core also supports compliance with other standards and regulations:

FedRAMP

For U.S. government agencies and contractors requiring Federal Risk and Authorization Management Program compliance.

PCI DSS

For organizations handling credit card information, ensuring secure processing and storage of payment data.

CCPA/CPRA

For businesses serving California residents, supporting California Consumer Privacy Act and California Privacy Rights Act requirements.

Implementation Guide

To implement TextLayer Core in a compliant manner:
  1. Review Documentation: Consult the security documentation for detailed implementation guidance.
  2. Configure Access Controls: Set up appropriate role-based access control.
  3. Set Up Audit Logging: Enable comprehensive audit logging for all operations.
  4. Implement Encryption: Configure encryption for data in transit and at rest.
  5. Establish Incident Response: Develop incident response procedures.

For more detailed information on compliance implementation, please contact TextLayer support.