Centaur Labs completes SOC 2 Type II audit to further commitment to data security 

Ali Devaney, Marketing
March 30, 2023

At Centaur Labs, we continually invest in security best practices to safeguard client data. Data security is especially important to us, as many of our clients are AI developers who are building models that leverage sensitive healthcare data. As a part of our on-going security efforts, we are excited to announce that we’ve successfully completed our SOC 2 Type II audit. 

In addition to achieving this important data security milestone, we’re also announcing the availability of new security features that give clients more control over where their data is stored throughout the labeling process. 

SOC 2 Type II Audit - Best-in-class data security to protect sensitive healthcare data

SOC 2 reports focus on how an organization implements and manages controls to mitigate risks associated with the handling and access of data. The SOC 2 audit testing framework is based on the five Trust Services Criteria established by the AICPA -  Security, Availability, Processing Integrity, Confidentiality, and Privacy. These Trust Services Criteria are used to identify the security risks an organization should consider addressing. In order to pass a SOC 2 examination, an organization must address these security risks with controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more. Once these controls are in place, a third-party compliance and audit firm evaluates whether those policies, procedures and controls effectively manage the identified risks. 

There are two types of SOC 2 reports - Type I and Type II. A SOC 2 Type I report describes an organization’s systems and whether those systems meet relevant trust principles. The Type II report goes a step further, detailing the operational effectiveness of those systems. 

Centaur Labs completed this more in depth SOC 2 Type II audit, to ensure the most rigorous security controls are in place to safeguard the sensitive data we process on behalf of our many clients across the healthcare ecosystem. We worked with third party audit firm A-LIGN, a technology-enabled security and compliance firm trusted by more than 2,500 global organizations, to complete our SOC 2 Type II audit, covering the Security, Availability and Confidentiality Trust Services Criteria. The report can be made available to current or potential customers upon execution of an NDA. To learn more about our security policies and initiatives, please email us

Announcing new self-hosting capabilities

We’re also announcing the availability of new security features that give clients more control over where their data is stored throughout the labeling process. 

Many companies - especially those with sensitive or regulated patient data - want to limit how often their data is stored outside of their company’s environment. Retaining control over data storage reduces both an organization’s security threat surface area, and its data management complexity. 

Now, with our new self-hosting capabilities, Centaur Labs customers can keep their data in their Amazon S3 bucket, and only temporarily share their data with the Centaur Labs platform via API. This allows customers with highly sensitive data to both leverage our data labeling capabilities, and maximize control over their data storage sites. We hope that this capability - coupled with our best-in-class data security practices demonstrated in our SOC 2 Type II audit - leaves customers confident they can entrust us with their data.

Learn more 

Related posts

January 18, 2022

Centaur Labs recognized in 2021 CB Insights Digital Health 150

We’re humbled and honored to be recognized by CB Insights as one of the top 150 digital health startups in the world!

Continue reading →
February 2, 2022

Just published: effects of disease prevalence and feedback on dermatological decision making

Our research collaboration with Dr. Jeremy M Wolfe just published in Cognitive Research: Principles and Implications.

Continue reading →