Clive™ Security & Compliance

We built Clive's security infrastructure for the level of scrutiny that comes with handling enterprise claims data. The platform is SOC 2 Type II certified and compliant with GDPR, HIPAA, and CCPA.

Clive AI’s Certifications and Compliance

Five Sigma holds SOC 2 Type II certification, audited annually by EY. Unlike SOC 2 Type I, which evaluates controls at a single point in time, the Type II certification tests whether those controls are maintained consistently over an extended operating period, typically six to twelve months. Five Sigma also complies with GDPR, HIPAA, and CCPA.

Regulatory Compliance By Geography

Five Sigma’s data protection is compliant across multiple geographical jurisdictions.
  • United States: HIPAA and CCPA compliant, with adherence to applicable state-level insurance regulations
  • European Union and United Kingdom: GDPR compliant
  • Canada, Australia, and New Zealand: compliant with applicable data protection laws

Your Data Security

Our infrastructure is built on Google Cloud Platform with AES-256 encryption for data at rest. APIs are secured with rate limiting and IP whitelisting, and the platform undergoes regular security assessments and penetration testing conducted by Komodo Security.

Infrastructure and Hosting

The platform is hosted on Google Cloud Platform, which provides the underlying infrastructure for compute, storage, and networking. Google Cloud maintains its own extensive set of compliance certifications including SOC 1/2/3, ISO 27001, and FedRAMP.

Five Sigma is deployed in four Google Cloud regions: United States, United Kingdom, Europe, and Australia.

Encryption

All customer data stored on Five Sigma’s platform is encrypted at rest using AES-256, the same encryption standard used by financial institutions and government agencies for classified information.

API Security

Clive connects to existing claims management systems through secure APIs. All API connections include rate limiting to prevent abuse and IP whitelisting to restrict access to authorized networks. These controls apply both to the integration layer between Clive and the customer’s CMS and to any administrative API access.

Penetration Testing and Vulnerability Management

Five Sigma’s platform undergoes regular security assessments and annual penetration testing conducted by Komodo Security, an independent security firm. These assessments evaluate the platform for vulnerabilities across the application layer, infrastructure, and API endpoints.

Access Controls and Authentication

Five Sigma supports multiple authentication methods to integrate with existing enterprise identity management systems. Authentication is available through API keys, OAuth, and SAML, with session management controls that include configurable timeout periods and re-authentication requirements.

Authorization and Access Control

Five Sigma enforces Role-Based Access Control (RBAC) with granular permission settings applied to each operation within the platform. Access follows the least privilege principle, meaning users are only granted the minimum permissions required for their specific role and responsibilities.

Monitoring and Incident Response

Continuous Monitoring

Five Sigma monitors its platform 24/7 using Sentry for error tracking, Wiz for cloud security posture management, and Coralogix for infrastructure and application monitoring. Logs are aggregated across the platform, and bugs are tracked in real time with corrective action workflows.

Audit Cadence

Five Sigma undergoes an annual SOC 2 Type II audit conducted by EY, which covers controls over the full audit period. We also conduct internal and external audits (pen testing) on a regular basis.

Incident Response

We maintain a documented incident response process covering detection, classification, escalation, containment, and resolution. In the event of a data breach, Five Sigma provides breach notifications to affected customers.

Employee Security

Our employees receive training on security protocols, with periodic refresher sessions to keep practices current as threats and compliance requirements change.

Secure AI Claims Technology Powered by Google Cloud

Scalable, Compliant, and Private AI for Enterprise Claims Operations

Five Sigma partners with Google Cloud Platform to deliver secure, scalable, and compliant cloud-based claims solutions. Clive uses Google Vertex AI and Gemini LLMs to provide adjusters with AI-powered insights while protecting customer data through encryption, strict privacy controls, regional data residency, and no model-training use of customer information.

Read Google's Case Study

Google has released an in-depth case study about Clive™.