Secure Data Analytics with Sigma

Sigma sits atop your existing cloud database and uses a secure connection to query your data warehouse directly.
Sigma writes a query to access the data needed to answer your question and returns the result in the browser.

Access Sigma security page

Compliance and Assurance

Sigma adheres to global privacy laws and security standards, with measures in place to help our customers meet their compliance requirements. The following is the current list of reports available to all customers and prospects under NDA. Kindly reach out to your account team for copies of reports as applicable to your organization.

General Data Protection Regulation (GDPR)

At Sigma, we firmly support GDPR in both practice and philosophy.  We work with our customers in the European Economic Area to assure compliance with personal data handling requirements and cross-border transfer requirements under GDPR.

As a processor, we process data on behalf of our customers.  We expect that some of our customers will require us to enter into a data processing addendum (“DPA”), per Article 28 of GDPR.

Sigma uses several subprocessors, but the majority of our obligations hinge on our primary subprocessor: Google Cloud Platform. Read more about Google Cloud Platform’s commitment to GDPR here. And for a full list of our subprocessors, click here.

California Consumer Privacy Act (CCPA)

Sigma will support any removal request from any state/country as long as it is valid and made by a qualified party.

For information on how to exercise your rights or if you are an authorized agent wishing to exercise rights on behalf of a California resident, please use this link.

Health Insurance Portability and Accountability Act (HIPAA)

Sigma has completed a Health Insurance Portability and Accountability Act (HIPAA) third-party attestation. This assures that Sigma has a HIPAA compliance program with proper controls in place for safeguarding protected health information (PHI). Sigma will sign a Business Associate Agreement (BAA) with our healthcare customers.

SOC 1 Type II

Sigma has completed a SOC 1 Type II report to validate our process and controls around financial reporting. This ensures that our customers can have confidence in Sigma and our platform for many years to come.

SOC 2 Type II

Sigma leverages best practices for security controls as part of our data security program. We work with AICPA-certified, third-party auditors to evaluate our information security system controls.

SOC 3

Sigma maintains a SOC 3 report which is the public report of security controls. It is a summarized version of the SOC 2 report and provides validation that Sigma has completed an independent third-party audit against the AICPA’s Security Trust Principles.

You can download the report here.

Privacy Shield

Sigma complies with the EU-US and Swiss-US Privacy Shield frameworks as set forth by the US Department of Commerce with respect to the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, Switzerland, and the United States.

Sigma has certified with the Department of Commerce that we adhere to the Privacy Shield principles.

For more information about the Privacy Shield program, and to view Sigma’s Privacy Shield certification, please visit https://www.privacyshield.gov/list.

TruSight


Sigma has completed the comprehensive TruSight audit to validate the controls according to TruSight's BPQ requirements. The TruSight report is available for financial clients to request via TruSight to fulfill their Third Party Risk Management (TPRM) obligations. To purchase the Comprehensive Assessment of Sigma's audit report, contact info@trusightsolutions.com.

ISO 27001 Certification


The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures Sigma Computing is adhering to the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This certification is valid for 3 years (renewal audits) and has annual touch point audits (surveillance audits).

CSA Star Level 1


The CSA Star Consensus Assessments Initiative Questionnaire (CAIQ) offers an industry-accepted way to document what security controls exist in the SaaS services and provides security control transparency.

Product Security

Ensuring our product meets the robust data security needs of our customers is a top priority at Sigma.

  • OAuth for Snowflake

    Easy for Sigma to leverage data permissions established in Snowflake.

  • AWS PrivateLink

    Traffic between Sigma and the CDW stays on an AWS private connection.

  • Single sign-on (SSO)

    Use SAML, Okta, OneLogin, GSuite, or your favorite identity provider.

  • Row-level security

    Ensure users only see the data for which they're authorized.

  • Role-based access control

    Create flexible roles and permissions that determine how your users can engage with your data.

Sigma Security Bounty

Sigma Computing is committed to delivering a secure experience for our customers and has established a bounty program for users to report security-related issues associated with our service to us. Testing on the main Sigma application (app.sigmacomputing.com) is not allowed. Testing should be restricted exclusively to the instances provided on the bug reporting page.

Platform and Organizational Security

Sigma invests heavily in having an exceptional security program and ensuring we exceed industry standards. Sigma takes a security-by-design approach to protecting your data. We build our platform using best practices for highly available, scalable, and secure cloud applications.


Contact Us

If you have any questions, reach out to us.

We are Sigma.

Sigma is a cloud analytics platform that uses a familiar spreadsheet interface to give business users instant access to explore and get insights from their cloud data warehouse. It requires no code or special training to explore billions of rows, augment with new data, or perform “what if” analysis on all data in real time.