Compliance

Meeting the highest standards for data protection, security, and regulatory compliance in the autonomous vehicle industry

Compliance Framework

RareSift maintains compliance with international standards and regulations to ensure the highest level of data protection, security, and operational integrity for autonomous vehicle development teams worldwide.

SOC 2 Type II: Certified
ISO 27001: Certified
GDPR: Compliant
CCPA: Compliant

SOC 2 Type II

Trust Service Criteria

Certified

Our SOC 2 Type II audit validates the effectiveness of our security controls over time.

  • Security: Protection against unauthorized access
  • Availability: System operational availability
  • Processing Integrity: Complete and accurate processing
  • Confidentiality: Information designated as confidential is protected
  • Privacy: Personal information collection, use, and disposal

Audit Details

Last Audit: December 2024
Next Audit: December 2025
Auditor: Deloitte & Touche LLP
Report Period: 12 months

ISO 27001

Information Security Management

Certified

ISO 27001 certification demonstrates our commitment to information security management best practices.

  • Information security policies and procedures
  • Risk assessment and treatment
  • Asset management and classification
  • Access control and user management
  • Incident response and business continuity

Certification Details

Certification Date: January 2024
Valid Until: January 2027
Certification Body: BSI Group
Certificate Number: ISO/IEC 27001:2022

Data Protection Regulations

GDPR (EU)

Compliant

Full compliance with the European Union's General Data Protection Regulation.

Data Subject Rights

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

Compliance Measures

  • Appointed Data Protection Officer (DPO)
  • Privacy by design implementation
  • Regular privacy impact assessments
  • 72-hour breach notification procedures
  • Consent management systems

CCPA (California)

Compliant

Compliance with the California Consumer Privacy Act and CPRA amendments.

Consumer Rights

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information

Implementation

  • Consumer request portal
  • Automated data discovery and mapping
  • Vendor assessment program
  • Privacy policy transparency
  • Staff training and awareness programs

Industry-Specific Standards

Automotive Standards

  • ISO 26262: Functional Safety for Road Vehicles
  • ISO 21448: Safety of the Intended Functionality (SOTIF)
  • SAE J3016: Taxonomy of Driving Automation
  • NHTSA Guidelines: AV Policy Framework

AI/ML Standards

  • ISO/IEC 23053: AI Risk Management
  • IEEE 2857: AI Engineering Standards
  • NIST AI RMF: AI Risk Management Framework
  • Explainable AI: Model transparency requirements

Cloud Security

  • CSA CCM: Cloud Controls Matrix
  • FedRAMP: Federal Risk Authorization
  • NIST CSF: Cybersecurity Framework
  • Cloud Native Security: Container and K8s security

Continuous Monitoring

Automated Compliance

Real-time compliance monitoring and automated reporting for all regulatory requirements.

  • Continuous control monitoring
  • Automated compliance reporting
  • Policy compliance validation
  • Risk assessment automation
  • Audit trail maintenance

Regular Assessments

Internal Audits: Monthly
External Audits: Annually
Penetration Testing: Quarterly
Compliance Review: Bi-annually

Legal & Regulatory

Global Compliance

Staying current with evolving regulations across all jurisdictions where we operate.

  • Regulatory change monitoring
  • Legal counsel consultation
  • Cross-border data transfer compliance
  • Local data residency requirements
  • Industry best practice adoption

Contact Information

Compliance Officer: compliance@raresift.com
DPO (GDPR): dpo@raresift.com
Legal Team: legal@raresift.com
Privacy Requests: privacy@raresift.com

Compliance Documentation

Access our latest compliance certificates, audit reports, and documentation.

* Some documents may require an NDA or may be available only to enterprise customers.