All facets of model development and data privacy typically comply with Client’s data privacy and security policies. Such an arrangement ensures that ownership and control remain firmly within the purview of the Client, safeguarding their confidential information throughout the project’s lifecycle. 
 
The following principles are followed: 

• Implement robust access controls and authentication mechanisms to restrict unauthorized access to data and systems. 
• Utilize Virtual Private Cloud (VPC) environments to create isolated network spaces, ensuring data privacy and segregation. 
• Implement multi-factor authentication (MFA) for user authentication, adding an extra layer of security. 
• Utilize SSL/TLS protocols for securing data transmission over networks, safeguarding against eavesdropping and tampering. 
• Implement role-based access control (RBAC) to enforce least privilege access, ensuring that users only have access to the data and resources necessary for their roles. 
• Regularly review and update access permissions based on changes in roles or responsibilities. 
• Ensure compliance with relevant data protection regulations and standards, such as GDPR (General Data Protection Regulation) and HIPAA (Health Insurance Portability and Accountability Act). 
• Conduct regular security audits and assessments to identify vulnerabilities and weaknesses in the infrastructure and applications. 
• Implement robust backup and disaster recovery mechanisms to ensure data integrity and availability in the event of a security breach or system failure.  

The above principles ensure that: 

• No Client data leaves the firewalls of the Client’s environment.  
• The production, staging and development clusters are typically inside the Client’s firewalls.  
• All data on the cluster is accessed through a VPN. 
• No data is copied into laptops and/or other clusters for any reason.