// Trust & Security Report
Domino Data Lab, Inc.
Enterprise AI platform for building, scaling, and governing AI applications across model development, MLOps, collaboration, and regulatory compliance. Includes Domino Platform, Domino Cloud (SaaS), Domino Nexus (multicloud), and Domino Governance (policy enforcement).
Certifications held
8
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on domino.ai“Domino Data Lab Achieves ISO 9001:2015 Certification, and SOC 2 Type II Compliance with Zero Findings. Achievement Date: September 16, 2025. Audit Result: Zero findings (strongest possible outcome).”
Verify on trust.domino.ai“Domino Data Lab maintains a risk-based security and quality program aligned with ISO 27001 and ISO 9001. Our governance framework includes formal oversight, documented controls, continuous monitoring, and independent external audits. ISO/IEC 27001:2022 certification current.”
Verify on domino.ai“Domino Data Lab Achieves ISO 9001:2015 Certification, and SOC 2 Type II Compliance with Zero Findings. Achievement Date: September 16, 2025. Internationally recognized quality management system standard that ensures consistent delivery of products and services meeting enterprise and regulatory requirements.”
Verify on domino.ai“Domino Cloud is GDPR compliant. Domino Cloud achieved GDPR compliance as of October 2023. The platform provides mechanisms for submitting General Data Protection Regulation requests, enabling organizations to fulfill their obligations as data controllers under GDPR regulations.”
Verify on domino.ai“Domino Cloud is HIPAA compliant. Achieved October 2023. John Brunn, Domino's CISO, emphasizes that HIPAA compliance ensures sensitive patient health information (PHI) is secure and patient privacy will always be protected. Single-tenant SaaS within dedicated infrastructure with AES-256 encryption at rest and TLS 1.2 in transit.”
Verify on domino.ai“Domino Cloud achieved FIPS certification in their 5.11 release to support federal customers meeting FIPS standards while developing AI models with sensitive data. FIPS-compliant solutions employ robust encryption techniques to safeguard confidential information from unauthorized access.”
Verify on domino.ai“Domino is deployed in a DoD IL5 environment and delivers the traceability and governance required for GxP processes. Platform is deployed in environments with DISA STIG and DoD IL5 requirements, is contracted for IL6 deployments.”
Verify on domino.ai“The platform supports compliance with 21 CFR Part 11 (FDA pharmaceutical regulations), EudraLex (European pharmaceutical regulations), and WHO Annex 5 (World Health Organization guidelines).”
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Single-tenant SaaS: each customer resides in their own AWS VPC and subaccount. Supports regional access restrictions and local data processing via Domino Nexus for data sovereignty requirements.
No evidence that Domino trains on customer data. Platform is designed for regulated industries (life sciences, finance, public sector) where data protection is critical. Search results indicate: 'The platform addresses risks where private data may leak through careless use in model training,' suggesting Domino provides governance tools to prevent data leakage rather than training on customer data themselves. Domino Governance solution allows customers to manage and enforce policies across the AI lifecycle.
// Security controls
Encryption in Transit
TLS 1.2 for data in motion; Istio service mesh for intra-cluster encryption in transit when enabled via CA certificates
domino.aiNetwork Isolation
Single-tenant architecture: each customer resides in dedicated AWS subaccount and within their own VPC; no data mixing across deployments
domino.aiAccess Control
Granular role-based access control (RBAC); corporate SSO credential integration; Kubernetes pod security contexts
domino.aiTesting & Validation
Code reviews, SAST (static application security testing), DAST (dynamic application security testing), third-party penetration testing
domino.aiMonitoring & Audit
Vulnerability assessments, security monitoring with third-party auditing, regular patching, data backups; full traceability of code, models, data, and environments for experiment recreation and compliance documentation
domino.aiGovernment Deployment Support
Deployed in DoD IL5 environments; contracted for IL6 deployments; approved solution in Iron Bank (Navy container registry); supports FISMA, NIST 800-53, and FedRAMP requirements
domino.ai// Products & data scope
data: On-premises or customer-managed cloud deployments; full control over data residency
Core platform for building AI systems and applications. Model factory for development, App Hub for scaling to users, Governance Center for compliance. Supports model factory, app deployment, and governance.
data: Single-tenant AWS infrastructure (customer-specific VPC); regional isolation support
GDPR and HIPAA compliant SaaS deployment option. October 2023 compliance achievement. Includes governance features, full traceability, and compliance automation.
data: Supports multicloud and hybrid deployments; regional data residency and local processing
Single pane of glass for multicloud and hybrid data science. Enables data sovereignty and local processing requirements.
data: Applied across entire AI lifecycle
Policy management and enforcement for the full AI lifecycle. Embeds compliance checks and automates audit readiness. Helps prevent private data leakage in model training.
// At a glance
Pricing model
Enterprise SaaS with seat-based and usage-based options; custom on-premises licensing available
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Domino Data Lab, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.domino.ai