// Trust & Security Report

    Domino Data Lab, Inc. logo

    Domino Data Lab, Inc.

    Enterprise AI platform for building, scaling, and governing AI applications across model development, MLOps, collaboration, and regulatory compliance. Includes Domino Platform, Domino Cloud (SaaS), Domino Nexus (multicloud), and Domino Governance (policy enforcement).

    Certifications held

    8

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Domino Data Lab Achieves ISO 9001:2015 Certification, and SOC 2 Type II Compliance with Zero Findings. Achievement Date: September 16, 2025. Audit Result: Zero findings (strongest possible outcome).

    Verify on domino.ai
    ISO 27001:2022
    HELD

    Domino Data Lab maintains a risk-based security and quality program aligned with ISO 27001 and ISO 9001. Our governance framework includes formal oversight, documented controls, continuous monitoring, and independent external audits. ISO/IEC 27001:2022 certification current.

    Verify on trust.domino.ai
    ISO 9001:2015
    HELD

    Domino Data Lab Achieves ISO 9001:2015 Certification, and SOC 2 Type II Compliance with Zero Findings. Achievement Date: September 16, 2025. Internationally recognized quality management system standard that ensures consistent delivery of products and services meeting enterprise and regulatory requirements.

    Verify on domino.ai
    GDPR (compliance posture)
    HELD

    Domino Cloud is GDPR compliant. Domino Cloud achieved GDPR compliance as of October 2023. The platform provides mechanisms for submitting General Data Protection Regulation requests, enabling organizations to fulfill their obligations as data controllers under GDPR regulations.

    Verify on domino.ai
    HIPAA (compliance posture)
    HELD

    Domino Cloud is HIPAA compliant. Achieved October 2023. John Brunn, Domino's CISO, emphasizes that HIPAA compliance ensures sensitive patient health information (PHI) is secure and patient privacy will always be protected. Single-tenant SaaS within dedicated infrastructure with AES-256 encryption at rest and TLS 1.2 in transit.

    Verify on domino.ai
    FIPS 140-2
    HELD

    Domino Cloud achieved FIPS certification in their 5.11 release to support federal customers meeting FIPS standards while developing AI models with sensitive data. FIPS-compliant solutions employ robust encryption techniques to safeguard confidential information from unauthorized access.

    Verify on domino.ai
    GxP (Good Practice Guidelines for regulated industries)
    HELD

    Domino is deployed in a DoD IL5 environment and delivers the traceability and governance required for GxP processes. Platform is deployed in environments with DISA STIG and DoD IL5 requirements, is contracted for IL6 deployments.

    Verify on domino.ai
    21 CFR Part 11 (FDA pharmaceutical compliance)
    HELD

    The platform supports compliance with 21 CFR Part 11 (FDA pharmaceutical regulations), EudraLex (European pharmaceutical regulations), and WHO Annex 5 (World Health Organization guidelines).

    Verify on domino.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Single-tenant SaaS: each customer resides in their own AWS VPC and subaccount. Supports regional access restrictions and local data processing via Domino Nexus for data sovereignty requirements.

    No evidence that Domino trains on customer data. Platform is designed for regulated industries (life sciences, finance, public sector) where data protection is critical. Search results indicate: 'The platform addresses risks where private data may leak through careless use in model training,' suggesting Domino provides governance tools to prevent data leakage rather than training on customer data themselves. Domino Governance solution allows customers to manage and enforce policies across the AI lifecycle.

    // Security controls

    Encryption at Rest

    AES-256 encrypted with KMS (Key Management Service)

    domino.ai

    Encryption in Transit

    TLS 1.2 for data in motion; Istio service mesh for intra-cluster encryption in transit when enabled via CA certificates

    domino.ai

    Network Isolation

    Single-tenant architecture: each customer resides in dedicated AWS subaccount and within their own VPC; no data mixing across deployments

    domino.ai

    Access Control

    Granular role-based access control (RBAC); corporate SSO credential integration; Kubernetes pod security contexts

    domino.ai

    Testing & Validation

    Code reviews, SAST (static application security testing), DAST (dynamic application security testing), third-party penetration testing

    domino.ai

    Monitoring & Audit

    Vulnerability assessments, security monitoring with third-party auditing, regular patching, data backups; full traceability of code, models, data, and environments for experiment recreation and compliance documentation

    domino.ai

    Government Deployment Support

    Deployed in DoD IL5 environments; contracted for IL6 deployments; approved solution in Iron Bank (Navy container registry); supports FISMA, NIST 800-53, and FedRAMP requirements

    domino.ai

    // Products & data scope

    Domino PlatformMLOps / AI Development

    data: On-premises or customer-managed cloud deployments; full control over data residency

    Core platform for building AI systems and applications. Model factory for development, App Hub for scaling to users, Governance Center for compliance. Supports model factory, app deployment, and governance.

    Domino CloudSaaS / Managed Deployment

    data: Single-tenant AWS infrastructure (customer-specific VPC); regional isolation support

    GDPR and HIPAA compliant SaaS deployment option. October 2023 compliance achievement. Includes governance features, full traceability, and compliance automation.

    Domino NexusMulticloud / Hybrid

    data: Supports multicloud and hybrid deployments; regional data residency and local processing

    Single pane of glass for multicloud and hybrid data science. Enables data sovereignty and local processing requirements.

    Domino GovernanceCompliance / Policy

    data: Applied across entire AI lifecycle

    Policy management and enforcement for the full AI lifecycle. Embeds compliance checks and automates audit readiness. Helps prevent private data leakage in model training.

    // At a glance

    Pricing model

    Enterprise SaaS with seat-based and usage-based options; custom on-premises licensing available

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Domino Data Lab, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.domino.ai

    > Browse all vendor trust reports