- Background Checks
- Security, HR, & PII Training
- Stringent Vendor Vetting
- Proper Offboarding
- Strong Physical Security
At Cobalt, cybersecurity starts with people. Everyone is held accountable for the security of our company operations, whether they are engineers, operators, or vendors. During onboarding, all Cobalt employees sign an NDA, accept privacy policies, pass background verifications, and complete security, HR, and PII training. Before working with any external vendors, our team conducts extensive reviews of their procedures and controls. When employees depart, strict offboarding practices ensure critical information remains secure.
To perform its safety and security functions, the Cobalt robot collects and processes many types of data. All data on the robot is encrypted at rest using AES-256 and in transit using TLS 1.2. Depending on the data type, it may be stored in the AWS cloud, streamed live to our SOC via a WireGuard VPN tunnel, stored encrypted locally, or destroyed. Cobalt ensures customer data is never shared with unauthorized personnel while maintaining critical data storage, access, and retrieval processes for our clients. All data is logged and routinely audited according to guidelines outlined in NIST 800-92.
We hold our governance around security processes and policies to exceptionally high standards. Cobalt holds SOC 2 Type II with no exceptions for the security, availability, and confidentiality trust principles. We maintain annually reviewed Disaster Recovery and Business Continuity Plans and have implemented network security and access control measures on all Cobalt devices. We employ our own physical security services at all of our office locations and routinely withstand internal and external OWASP Top 10 penetration tests.