C3.ai uses continuous monitoring methods to ensure C3.ai Application and Customer Data security.
- Application access logging – C3.ai tracks all C3.ai Application access, including failed authentication attempts, and keeps two years of historical records to support reporting and auditing requirements. All successful and unsuccessful access activities are recorded in the system and in application logs, along with username, IP address, action, and date/time of access. Every data change is logged in the system and in application logs.
- Alerting – C3.ai is committed to frequent and transparent customer communication. The C3.ai Cybersecurity Team monitors and alerts customers of suspicious activity including but not limited to multiple failed login attempts, abnormal usage patterns and large data access/downloads. C3.ai has a formal process to notify customers of a verified security breach, theft, or loss of data. High alert (Priority P1) incidents are responded to on a 24×7 basis, with all incidents tracked in a case management system.