- Background Checks
- Security, HR, & PII Training
- Stringent Vendor Vetting
- Proper offboarding
- Strong Physical Security
Cobalt was built with cybersecurity and data privacy at its core. Cybersecurity is the cornerstone of our account controls, compliance audits, and certifications. It also drives our organizational structure, training priorities, and hiring processes. Our systems were architected from the ground-up according to industry standard best-practices for security and confidentiality.
Cobalt is SOC2 Type II certified and has best-practices in compliance with GDPR, CCPA, POPIA, and HIPAA. Our Security principles and practices are designed around three core pillars —Data, People, and Process— all with the purpose of safeguarding customer data and providing reliable, secure services.
At Cobalt, cybersecurity starts with people. Everyone is held accountable for the security of our company operations — whether they are engineers, operators, or vendors. During onboarding, all Cobalt employees sign an NDA, accept privacy policies, pass background verifications, and complete security, HR, and PII training. Before working with any external vendors, our team does extensive reviews of their procedures and controls. When employees depart, strict employee off-boarding practices ensure critical information remains secure.
In order to perform its safety and security functions, the Cobalt robot collects and processes many types of data. All data on the robot is encrypted at rest using AES-256 and in transit using TLS 1.2. Depending on the data type, it may be stored in the AWS cloud, streamed live to our SOC via a Wireguard VPN tunnel, stored encrypted locally, or destroyed. Cobalt ensures customer data is never shared with unauthorized personnel while maintaining critical data storage, access, and retrieval processes for our clients. All data is logged and routinely audited according to guidelines outlined in NIST 800-92.
We hold our governance around security processes and policies to exceptionally high standards. Cobalt holds SOC 2 Type II with no exceptions for the security, availability, and confidentiality trust principles. We maintain annually-reviewed Disaster Recovery and Business Continuity Plans and have implemented network security and access control measures on all Cobalt devices. We employ our own physical security services at all of our office locations and routinely withstand internal and external OWASP 10 penetration tests.