1. Purpose
This policy establishes the compliance and audit requirements for cloud hosting providers utilized by Speak AI Inc. It ensures that cloud services meet security, privacy, and regulatory compliance obligations through independent audits, contractual controls, and continuous monitoring.
2. Scope
This policy applies to all cloud hosting providers used by Speak AI Inc., including but not limited to Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) providers.
3. Compliance & Security Requirements
3.1 Independent Security Assessments
Cloud providers must undergo independent security audits and provide valid compliance certifications, including but not limited to:
SOC 2 Type II
ISO 27001
NIST 800-53
GDPR Compliance (if applicable)
HIPAA Compliance (if applicable)
PCI-DSS Compliance (if applicable)
Audit reports must be reviewed at least annually to assess ongoing compliance.
3.2 Contractual Obligations
All cloud service agreements must include provisions for:
Data ownership and protection measures.
Incident response obligations and breach notification timelines.
Security responsibilities, including encryption, access control, and data segregation.
The right to request security assessment reports.
Compliance with relevant privacy laws and regulatory requirements.
3.3 Monitoring & Continuous Compliance
Cloud environments must be monitored for security vulnerabilities and misconfigurations.
Automated tools must be used for real-time security logging and event detection.
Cloud security policies must be reviewed regularly to align with evolving threats and regulatory changes.
3.4 Data Protection & Access Control
Data stored in the cloud must be encrypted both in transit and at rest.
Multi-Factor Authentication (MFA) must be enforced for administrative access to cloud resources.
Access to cloud environments must be granted based on the principle of least privilege (PoLP).
Vendor access must be restricted and subject to periodic review.
4. Compliance Validation & Reporting
Speak AI Inc. reserves the right to conduct audits of cloud service providers, either directly or through third-party assessments.
Compliance validation reports must be maintained for regulatory and contractual requirements.
Any significant security findings must be remediated within an agreed-upon timeframe.
5. References & Supporting Documents
Speak AI Third-Party Security Policy: https://help.speakai.co/en/articles/9363522-third-party-security-policy
Speak AI Information Security Program Policy: https://help.speakai.co/en/articles/9363392-information-security-program-policy
6. Contact Information
For any inquiries related to cloud hosting compliance and security, please contact [email protected].
This policy will be reviewed periodically to ensure compliance with evolving security standards and regulatory requirements.