Is Cosine SOC 2 / ISO 27001 compliant?
Cosine follows SOC 2 Type II and ISO/IEC 27001 standards for security and data protection. These frameworks guide how we manage access, encryption, monitoring, and operational controls across all deployments.
Current compliance status
- SOC 2 Type II – In audit phase, with certification expected in 2025.
- ISO/IEC 27001 – Implementation in progress, following the latest 2022 controls.
- GDPR and CCPA alignment – Cosine meets key global privacy requirements.
While formal audits are underway, Cosine’s security posture already meets or exceeds the standards required for these certifications. Our infrastructure and policies are modeled directly on SOC 2 and ISO frameworks, ensuring a smooth certification path.
Controls and practices
- Data isolation: Dedicated, encrypted workspaces per customer.
- Encryption: AES-256 at rest, TLS 1.3 in transit.
- Access management: SSO, SCIM, and RBAC.
- Audit logs: Continuous activity tracking and export options.
- Incident response: Documented, tested procedures with defined SLAs.
These are the same controls used in production for enterprise and defense customers with higher-than-standard requirements.
Customer assurance
Even before certification, Cosine meets the compliance expectations of organizations whose policies exceed SOC 2 — including investment banks and defense contractors. Many of these customers deploy Cosine on-premise or in air-gapped environments, giving them full control over their data.
If you require a security review, our team can share:
- Policy documentation (access, data handling, encryption)
- Attestation of compliance status
- Architecture diagrams and network isolation details
Why this matters
SOC 2 and ISO 27001 provide independent verification that a company protects customer data with rigor and transparency. For Cosine, these frameworks formalize what’s already true in practice — enterprise-grade security, isolation, and operational excellence.