Governance and Security

A.2.1. Data Center Operations

C3.ai’s customer systems infrastructure is hosted at well-established cloud data centers like Amazon AWS, Microsoft Azure, and Google Cloud in Northern Virginia, Oregon, and Dublin,Ireland depending on data jurisdiction. These data centers represent that they provide best practice security and reliability features, including secure premises with video surveillance, power supply & backup, precision environmental controls, equipment monitoring, comprehensive security policies & controls, and third-party security compliance and attestation, as described below.

• Secure premises – Facilities are nondescript and unmarked to help maintain a low profile. All visitors must pass through a security check-in before accessing the facility. Biometric scanning controls data center access, and access is available only to data center personnel and contractors who have a legitimate business need for such privileges. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. Data center access is logged and monitored. 24×7 onsite staff provide additional protection against unauthorized entry. CCTV camera monitoring is present at all data center locations. Audit logs for sensitive areas are maintained and reviewed regularly.
• Power supply and backup – Multiple levels of built-in power redundancy provide a high level of availability. Generators and Uninterrupted Power Supply (UPS) units provide backup power sources and prevent power spikes, surges, and brownouts. If a total utility power outage ever occurs, these power systems are designed to ensure that the data centers will continue to operate. The UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails. If an extended utility power outage occurs, on-site generators can run indefinitely. All on-site generators are tested regularly.
• Precision environment – Heating, ventilation, and air conditioning (HVAC) systems provide appropriate and consistent airflow, temperature, and humidity levels. Every data center’s HVAC system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure. Advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.
• Equipment monitoring – All electrical, mechanical, and life-support systems and equipment are monitored to ensure that any equipment issues are immediately identified. Preventative maintenance is performed to maintain continuous operability of all equipment.
• Third-party compliance and attestation – The data centers are designed and managed in alignment with security best practices and a variety of established IT standards, including SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), SOC 2, FISMA, DIACAP, FedRAMP, PCI DSS Level 1, ISO 27001, International Traffic in Arms Regulations (ITAR), and FIPS 140-2.

A.2.2. C3.ai Corporate Processes

• Policies – C3.ai’s Executive Management has instituted a set of policies, procedures, and guidelines to ensure the security of the C3 AI Suite™ and C3 AI Applications. These policies apply to all employees. In cases where additional policies and procedures have been called out, these additional policies and procedures apply to employees with access to designated customer projects with access to sensitive data.
• Corporate security – C3.ai maintains stringent physical security at all offices. Each person with authorized access is provided an electronic key to gain entry and move within the facilities. All visitors are required to sign in and to be escorted by authorized staff.
• Background checks – Background checks, as permitted by law, are mandatory for all employees and contractors. These include, as permitted by law, criminal checks, education and employment verification, and reference checks. Drug testing may be performed for designated customer projects.
• Proprietary information – All employees and contractors are required to sign a Proprietary Information Agreement as a condition of employment. All subcontractor agreements include rigorous confidentiality and non-disclosure clauses.
• Security awareness program – All C3.ai employees are trained on C3.ai’s security policies upon initial hiring and on an annual basis.
• Employee access – Formal procedures govern user accounts for all employees. They regulate user roles and access, as well as the ability to add, delete, and modify user accounts. The C3.ai Human Resources (HR) department provides an immediate alert to the C3.ai Operations Team when an employee has had a change in functional role or has been terminated. C3.ai Operations then modifies or disables system/network/e-mail access as per the HR alerts within 60 minutes of notification. Privileged user accounts are controlled and reviewed every 60 days.
• Asset management – An inventory is kept of all hardware, software, and intellectual property assets. This inventory documents permitted configurations, usage, and access, along with other applicable controls.
• Workstation protection – Anti-virus software is installed on all Microsoft Windows workstations (with daily virus signature updates). Preventative controls, such as screen timeout (5 minutes of inactivity) and session timeouts (configured on a per application basis), are required to prevent unauthorized access to unattended systems. Confidential corporate information stored on workstations must be encrypted. Confidential information is not permitted on removable media.
• Use of USB enabled removable storage media is enabled on a need-to-have basis. If business needs dictate the use of USB enabled removable storage media, technical security controls are put in place (company owned devices only, device encryption) to ensure sensitive data is secured on a USB device. For employees that have access to sensitive data, USB ports are disabled.
• Audits – Multiple security audits are performed regularly, including daily review of user access logs and quarterly review of user access rights and asset policies.

C3.ai applies security best practices to a state-of-the-art network infrastructure to provide a secure and reliable platform.

A.3.1 Data Communication

C3.ai’s data centers maintain redundant relationships with multiple Internet Service Providers, and employ robust routing using the BGP4 networking protocol to allow network traffic to take the best path. All customer data in transit (network connections to C3.ai) is securely transmitted using HTTPS (SSL/TLS) with 4096-bit RSA encryption.

A.3.2 Secure Network Architecture

The C3.ai network architecture is designed to maximize security, scalability, and reliability.

Network access to and from C3.ai customer system infrastructure is controlled by network devices (including firewalls), switching access control lists, and load balancing. These boundary devices employ rule sets, access control lists, and configurations to enforce and monitor the flow of information to the C3.ai servers.

• Firewalls and ports – Multiple network devices provide traffic filtering services. The only open inbound ports and protocols are HTTP, HTTPS, and SMTP. All other ports and protocols are explicitly disabled, thereby preventing worms and other network-based attacks.
• Bastion servers – Bastion servers provide secure connectivity services deployed within customer-dedicated Virtual Private Clouds. Bastion servers are configured with all unnecessary services, protocols, programs, and network ports disabled to minimize the risk of unauthorized users gaining privileged access to customer-dedicated Virtual Private Clouds. Additionally, Bastion hosts are configured with security groups to provide fine-grained ingress control.
• Reverse proxies – Load balancers serve as reverse proxies, distributing system load while further protecting C3.ai application servers from direct access.
• Two-factor authentication – Access to C3.ai servers requires use of a Virtual Private Network with multi-factor authentication and access monitoring.
• Hardening standards – C3.ai follows the National Security Agency’s (NSA) recommended hardening standards for all deployed server instances. These hardening standards are applied at server instantiation and reviewed monthly.
• OS upgrades and patches – Operating system patches are reviewed upon release. Depending on the assessed priority and risk, operating system patches and upgrades are scheduled for implementation in accordance with industry best practices.
• Virtual Private Cloud – C3.ai offers customer-dedicated Virtual Private Clouds. Each Virtual Private Cloud is a private network subnet that isolates customer server instances from any other customer’s deployment. This provides uncompromising cybersecurity while enabling cost-effective system scalability.
• Direct connect – C3.ai offers customers the options of Virtual Private Network (VPN) encrypted tunnels and private lines to connect to C3.ai’s data centers, thereby ensuring secure transmission along with the option to completely bypass internet service providers (public internet) in the network path.
• Development, staging and production environments – C3.ai implements independent development, staging, and production environments for all customer deployments, thereby further protecting the security and reliability of production systems.
• C3.ai corporate segregation – C3.ai’s internal corporate network is segregated from all customer systems, further restricting unnecessary access to production systems.

C3.ai has implemented comprehensive defense-in-depth customer data security and protection, encompassing data access administrative controls, data encryption, user roles, and data retention/destruction.

A.4.1. Administrative Controls

• Data access – Access to Customer Data is restricted to authorized personnel only, according to documented processes. Only those C3.ai personnel explicitly identified in an application implementation role have access to customer systems. For application implementation personnel, customer system access is promptly deactivated as soon as the implementation is complete and access is no longer necessary. Access to all servers is limited, logged, and tracked for auditing purposes.
• Data security policies – Customer Data Handling and Secure Document Destruction policies are enforced for the management of all sensitive information. All C3.ai employees are trained on documented information security and privacy procedures. C3.ai’s Cyber Security Team performs quarterly reviews of C3.ai personnel who have access to customer environments and systems, to track activity and validate access.
• Data and environment separation – Each C3.ai customer has separate databases with distinct access controls. C3.ai implements independent development, staging and production environments for each customer system deployment. C3.ai’s internal corporate network is segregated from all customer environments.
• Data classification – All C3.ai employees and contractors have been educated on the C3.ai data classification policy and must apply these policies in their daily C3.ai business activities. Sensitive information is either Confidential or Restricted information. This data classification policy is applicable to all electronic information and paper documentation for which C3.ai is the custodian.

All electronic information managed by C3.ai must have a designated owner. Owners are responsible for assigning appropriate sensitivity classifications as generally described below, subject to adjustments based on specific customer’s data.

• Restricted — This classification applies to the most sensitive confidential business information.
• ePHI — This classification applies to “electronic protected health information,” or ePHI, according to The Health Insurance Portability and Accountability Act of 1996.
• Confidential — This classification applies to less-sensitive confidential business information.
• Public —This classification applies to information that is not subject to confidentiality restrictions.

Data Owners are responsible for decisions about who will be permitted to gain access to information, and the uses to which this information will be put. C3.ai has policies and procedures in place to ensure that appropriate controls are utilized in the storage, handling, distribution, and regular usage of electronic information as described in this document.

A.4.2 Data Encryption, Protection, and Destruction

• Data encryption – C3.ai implements enterprise class encryption to provide added data security. Customer Data at rest is encrypted using 256-bit SHA-2 encryption. Any Customer Data in motion is securely transmitted using HTTPS (SSL/TLS) with 4096-bit RSA encryption.
• Data protection – C3.ai implements comprehensive data protection and recovery measures in accordance with the following established industry best practices. Data backups are performed on a nightly basis and are replicated to a designated backup C3.ai data center. The backup data center is geographically separated and independent from a customer’s assigned primary and secondary C3.ai data centers. All ePHI backup is encrypted and backup data is transferred in a secure, encrypted manner using HTTPS (SSL/TLS) with 4096-bit RSA encryption, and is securely stored in encrypted form at a backup facility. To facilitate rapid data restoration, the primary backup method is an encrypted, hardware-level replication. Backups can be restored and end-user accessible within eight hours of process initiation. Backup data restoration is tested on a monthly basis. All backup activity, including transport, storage, and access, is logged and regularly audited to ensure proper handling.
• Data destruction – C3.ai applies data destruction measures in accordance with established industry guidelines. Standard backup Customer Data retention is 30 days, after which it is permanently destroyed. C3.ai’s Operations Team permanently destroys all Customer Data at the end of the applicable contract, including then-existing customer databases and backup repositories. All Customer Data destruction is logged and regularly audited.

A.4.3. Application Security

• Role-based access – C3 AI Application access for end-users is controlled via user roles. These roles control security and access rights for standard users, super users, and administrators.
• Application access segmentation – End-user application access can also be restricted based on data values. For example, customer end-users can be granted access to only the assets, accounts, or geographic regions that are necessary for their areas of responsibility.
• Network IP access – Each customer’s access to C3 AI Applications can be restricted to specific networks and locations (configurable via designated IP space whitelisting and/or blacklisting).
• Single Sign-On (SSO) – C3.ai enables customers to use their existing end-user authorization systems to manage access to the C3 AI Applications. C3.ai supports SSO integration with any version of LDAP or Active Directory that supports SAML.v2.
• Login information protection – To prevent password guessing attacks, account access is automatically suspended after a configurable number of unsuccessful password entry attempts.
• Configurable password parameters – Customer system administrators can configure the complexity, length, and expiration requirements of end-user application passwords to adhere to their existing corporate standards.
• Configurable application session timeout – C3 AI Application session timeout can be configured on a per-customer basis, adhering to their existing corporate standards.

A.5.1. Security Monitoring

A.6.1. Scalable Architecture

A.6.2. Secure Code Development Process

C3.ai’s software development process follows the Open Web Application Security Project (OWASP) standards for building secure applications, including mandatory internal review by the C3.ai Cybersecurity Team. The C3.ai software development cycle includes stringent code review, as well as integration and regression testing prior to release with internal and external testing tools to check for security vulnerabilities. Static code analysis tools are run as a part of the standard software build process, and all deployed software undergoes recurring penetration testing. All test results are shared with the C3.ai Engineering Team and any detected issues are resolved prior to final product release.

A.7. THIRD-PARTY CERTIFICATIONS AND ATTESTATIONS

The C3.ai Cybersecurity Program has been developed to comply with applicable legal and regulatory requirements, including compliance with the NERC CIP smart grid cybersecurity standards. This program encompasses a comprehensive set of cybersecurity controls and business processes based on NIST best practices that align with the NERC CIP (versions 3 and 4) standards.

To objectively verify adherence to these processes, C3.ai works with industry auditors that bring additional levels of scrutiny to the security of C3.ai Applications and the processes that govern how they are developed, tested, deployed, and supported. C3.ai has successfully completed multiple third-party security tests, including source code reviews, software vulnerability testing, and penetration testing.

For SaaS and PaaS offerings, C3.ai uses data centers that are regularly audited for a variety of established IT security standards, including:

• SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
• SOC 2
• SOC 3
• NIST
• FISMA
• DIACAP
• FedRAMP
• PCI DSS Level 1
• ISO 27001
• International Traffic in Arms Regulations (ITAR)
• FIPS 140-2
• HIPAA