Risk Management
Narrative Science conducts quarterly risk assessments of our control environment, which includes the processes, people, and technologies used to deliver our products to our customers.
Third-Party Vendor Risk Assessment
Narrative Science has an established vendor-evaluation process to ensure we properly vet any potential third-party subprocessors. Our security team is heavily involved in early conversations with third-party vendors to ensure they pass our requirements prior to being utilized in our applications or systems. We ensure that all vendors that have access to customer information meet or exceed all security and business requirements. To the best of our ability:
We expect all Third Parties to operate ethically and never commit fraud.
We expect Third Parties to be compliant with laws and regulations.
We expect Third Parties to meet or exceed Narrative Science security requirements.
Training
Narrative Science completed mandatory annual security training for all employees. Engineers also go through additional OWASP training regularly. Additional technical training is provided to engineers, ensuring our engineers keep their relevant certifications current.