Tokenization provides a powerful approach to securing sensitive data by replacing it with non-sensitive equivalents, or tokens, which have no exploitable value. In the SmartAssesor platform, tokenization is used to ensure that sensitive data is never shared with  3rd party AI providers.  This means that sensitive data is never used for training AI models, and it reduces the risk of the data being intercepted and refactored. This technique is effective in protecting many data types, including personal information, financial data, and health records, offering a robust layer of security that significantly reduces the risk of data breaches. 

Encryption is a foundational component of cyber security, ensuring that data is unreadable to anyone who does not have the appropriate decryption key. For organisations transitioning to AI-driven processes, it is crucial that all data, whether in transit or at rest, is encrypted using strong encryption protocols. Encrypting data in transit protects it from interception as it moves across networks, while encryption at rest secures stored data from unauthorised access. Together, these measures ensure that sensitive information is protected at all stages of the data lifecycle.

The implementing of strong Role-Based Access Control is core component of SmartAssessor in managing who has access to specific data and functionalities within the platform. RBAC allows organisations to restrict access based on the user's role within the organisation, ensuring that only authorised personnel can view or manipulate sensitive data. This reduces the risk of insider threats and minimises the potential for human error, which can lead to data breaches. 

To ensure that SmartAssessor is secure, Sendient engages in regular penetration testing and web application testing with CREST approved companies. These tests simulate cyber-attacks to identify and address vulnerabilities before they can be exploited by malicious actors. By continually seeking out and resolving these vulnerabilities, Sendient can stay ahead of potential threats and maintain a high level of security. These reports can be shared with clients, to demonstrate that the platform is maintained to the highest levels of cyber security practice. 

Sendient has built SmartAssessor to align with international security standards such as ISO 27001 and Cyber Essentials Plus. ISO 27001 offers a comprehensive approach to establishing, implementing, maintaining, and continually improving an information security management system. Cyber Essentials Plus, focuses on protecting organisations from common cyber threats. By aligning with these standards, Sendient can demonstrate their commitment to cyber security and ensure that their AI-driven processes are underpinned by robust security practices. 

Multi-Factor Authentication (MFA) adds an additional layer of security by requiring users to provide multiple forms of verification before gaining access to SmartAssesor. This approach significantly reduces the risk of unauthorised access, even if login credentials are compromised.  SmartAssessor also integrates with several industry recognised SSO deployments, including those from Microsoft and Google.  This allows employees to access SmartAssessor in a secure and consistent fashion, with centrally controlled authentication and authorization functions being delivered from the core.