Security as a Solution

Protecting your data goes beyond a basic checkbox—that's why it's our top priority.

Trusted by industry leaders and Fortune 500 companies, CoLab is built to the highest standards of security and data protection. Because you should be able to review critical data with your team and external partners in the safest way possible.

Browse CoLab's Trust Portal
security  connect with aicpa and soc

CoLab’s Security Approach

Browse through this page to see how we approach everything from cloud hosting to SSO to AI. As always, you can reach out to securityteam@colabsoftware.com with any security concerns or visit CoLab’s trust portal to access critical security documentation.

Security FAQs

What Cloud providers are used by CoLab?

Do you support SSO?

Where is customer data stored and processed?

What type of PII is collected by CoLab?

Can CoLab be used for Controlled Goods Data?

Does CoLab provide multi-tenant controls for separation of users and data within the service?

Product Security and Reliability

CoLab offers many security features including SAML SSO, robust authentication, and role-based access controls. All these security features are paired with the most secure application model for day-to-day usage by your end users. CoLab customers have control over sharing, downloading, and access permissions at the admin level—ensuring your most valuable assets never land in the wrong hands.

SSO

Role-Based Access Control

Authentication

Uptime

Cloud Security

CoLab’s security program and its supporting security architecture are built on the foundations of ISO 27002, SOC 2, applicable NIST security controls, and AWS security best practices. In this way, we achieve a level of protection we’re proud to call Security as a Solution.

Physical Security and Data Hosting

Dedicated Security Team

Intrusion Detection and Prevention

Logical Access

Failover and Disaster Recovery

Virtual Private Cloud

Backups

Monitoring

Permissions and Authentication

Encryption

Pentests and Vulnerability Scanning

Security Incident Response

AI Security

Will the data be used to train ReviewAI?

How do you ensure that our organization retains full ownership of all data input into your AI systems?

In what ways does your AI incorporate or support human-in-the-loop mechanisms for critical decision-making?

Do your AI solutions rely on third-party vendors or dependencies? If so, how do you evaluate and secure them?

Application Security

CoLab has established extensive processes and controls to ensure application security. Every CoLab developer receives security awareness training and follows common secure development best practices, such as those defined by OWASP.

Secure Code Development (SDLC)

Framework Security Controls

Quality Assurance

Separate Environments

HR Security

At CoLab we ensure that our employees adhere to the highest security standards by implementing extensive employee background checks and administrative controls.

Training

Policies

Employee Screening

Confidentiality

Compliance

CoLab has built its information protection and cybersecurity program from the ground up with the clear aim of meeting SOC 2 requirements and building customer trust. We’re continuously making improvements to our protection and detection controls, staying on top of industry standards and best practices, and responding to the ever-changing threat landscape.


CoLab has now successfully completed a SOC 2 type 2 audit, achieving a clean audit report with zero findings. Along with our commitments to protecting our customer’s most sensitive intellectual property and maintaining SOC 2 standards, CoLab Software is also registered in the Government of Canada’s Controlled Goods Program (CGP).

Team

Privacy and Terms of Service

For more information on our approach to privacy, or to view the detailed CoLab Terms and Conditions, see here:

Security Concern?

We’re meticulously proactive about security and keeping your data safe. But if you have any questions or concerns, we take each one seriously. Please email securityteam@colabsoftware.com to talk to our Security Team.