OpenAI SOC 3 Report

The document provides a SOC 3 report on OpenAI's description of its OpenAI API and the suitability of its controls related to security. The report examines the period from October 1, 2022 to December 31, 2022 and includes an independent service auditor's report, OpenAI's management assertion, and attachments describing OpenAI's API and principal service commitments.


System and Organization Controls 3 (SOC 3) Report

Report on OpenAI’s Description of Its OpenAI API and on the Suitability of the Design and Operating Effectiveness of Its Controls Relevant to Security Throughout the Period October 1, 2022, to December 31, 2022

TABLE OF CONTENTS

INDEPENDENT SERVICE AUDITOR’S REPORT 1

OPENAI’S MANAGEMENT ASSERTION 4

ATTACHMENT A OPENAI’S DESCRIPTION OF ITS OPENAI API 6

ATTACHMENT B PRINCIPAL SERVICE COMMITMENTS AND SYSTEM REQUIREMENTS 11
INDEPENDENT SERVICE AUDITOR’S REPORT

To: OpenAI

Scope

We have examined OpenAI’s (‘OpenAI’) accompanying assertion titled “OpenAI’s Management
Assertion” (assertion) that the controls within OpenAI’s OpenAI API were effective throughout the
period October 1, 2022, to December 31, 2022, to provide reasonable assurance that OpenAI’s
service commitments and system requirements were achieved based on the trust services criteria
relevant to Security (applicable trust services criteria) set forth in TSP 100, 2017 Trust Services Criteria
for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services
Criteria).

OpenAI uses a subservice organization to provide hosting services. The assertion indicates that
complementary subservice organization controls that are suitably designed and operating effectively
are necessary, along with controls at OpenAI, to achieve OpenAI’s service commitments and system
requirements based on the applicable trust services criteria. Attachment A presents the types of
complementary subservice organization controls assumed in the design of OpenAI’s controls.
Attachment A does not disclose the actual controls at the subservice organization. Our examination
did not include the services provided by the subservice organization, and we have not evaluated the
suitability of the design or operating effectiveness of such complementary subservice organization
controls.

The assertion indicates that certain complementary user entities are necessary, along with controls at
OpenAI, to achieve OpenAI’s service commitments and system requirements based on the applicable
trust services criteria. Attachment A presents the complementary user entity controls assumed in the
design of OpenAI’s controls. Our examination did not include such complementary user entity
controls, and we have not evaluated the suitability of the design or operating effectiveness of such
controls.

Service Organization’s Responsibilities

OpenAI is responsible for its service commitments and system requirements and for designing,
implementing, and operating effective controls within the System to provide reasonable assurance
that OpenAI’s service commitments and system requirements were achieved. OpenAI has also
provided the accompanying assertion about the effectiveness of controls within the System. When
preparing its assertion, OpenAI is responsible for selecting and identifying in its assertion, the
applicable trust service criteria and for having a reasonable basis for its assertion by performing an
assessment of the effectiveness of the controls within the System.

Service Auditor’s Responsibilities

Our responsibility is to express an opinion, based on our examination, on whether management’s
assertion, that controls within the System were effective throughout the period to provide reasonable
assurance that the service organization’s service commitments and system requirements were
achieved based on the applicable trust services criteria, is fairly stated. Our examination was conducted in
accordance with attestation standards established by the American Institute of Certified Public
Accountants. Those standards require that we plan and perform our examination to obtain reasonable
assurance about whether management’s assertion is fairly stated, in all material respects. We believe
that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our
opinion.

Our examination included:

• Obtaining an understanding of the System and the service organization’s service commitments
and system requirements.
• Assessing the risks that controls were not effective to achieve OpenAI’s service commitments
and system requirements based on the applicable trust service criteria.
• Performing procedures to obtain evidence about whether controls within the System were
effective to achieve OpenAI’s service commitments and system requirements based on the
applicable trust services criteria.

Our examination also included performing such other procedures as we considered necessary in the
circumstances.

Inherent Limitations

There are inherent limitations in any system of internal control, including the possibility of human error
and the circumvention of controls. Because of their nature, controls may not always operate effectively
to provide reasonable assurance that the service organization’s service commitments and system
requirements are achieved based on the applicable trust services criteria. Also, the projection to the
future of any conclusions about the effectiveness of controls is subject to the risk that controls may
become inadequate because of changes in conditions or that the degree of compliance with the
policies or procedures may deteriorate.

Opinion

In our opinion, management’s assertion, that the controls within OpenAI’s OpenAI API were effective
throughout the period October 1, 2022, to December 31, 2022, if complementary subservice
organization controls and complementary user entity controls were effective, to provide reasonable
assurance that OpenAI’s service commitments and system requirements were achieved based on the
applicable trust services criteria, is fairly stated, in all material respects.

Insight Assurance LLC
Tampa, Florida
April 19, 2023

OPENAI’S MANAGEMENT ASSERTION
We are responsible for designing, implementing, operating, and maintaining effective controls within
OpenAI’s (‘OpenAI’) OpenAI API throughout the period October 1, 2022, to December 31, 2022, to
provide reasonable assurance that OpenAI’s service commitments and system requirements relevant
to Security were achieved. Our description of the boundaries of the System is presented in Attachment
A, titled “OpenAI’s Management Description of the Boundaries of its OpenAI API”, and identifies the
aspects of the System covered by our assertion.

OpenAI uses a subservice organization to provide hosting services. Attachment A indicates that
effective complementary subservice organization controls are necessary, along with controls at
OpenAI, to achieve OpenAI’s service commitments and system requirements based on the applicable
trust services criteria. Attachment A presents the types of complementary subservice organization
controls assumed in the design of OpenAI’s controls. Attachment A does not disclose the actual
controls at the subservice organization.

Attachment A indicates that complementary user entity controls are necessary, along with controls at
OpenAI, to achieve OpenAI’s service commitments and system requirements based on the applicable
trust services criteria. Attachment A presents the complementary user entity controls assumed in the
design of OpenAI’s controls.

We have performed an evaluation of the effectiveness of the controls within the System throughout
the period October 1, 2022, to December 31, 2022, to provide reasonable assurance that OpenAI’s
service commitments and system requirements were achieved based on the trust services criteria
relevant to Security (applicable trust services criteria) set forth in TSP section 100, 2017 Trust Services
Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust
Services Criteria). OpenAI’s objectives for the System in applying the applicable trust services criteria
are embodied in its service commitments and system requirements relevant to the applicable trust
services criteria. The principal service commitments and system requirements related to the applicable
trust services criteria are presented in Attachment B titled “OpenAI’s Principal Service Commitments
and System Requirements.”

There are inherent limitations in any system of internal control, including the possibility of human error
and the circumvention of controls. Because of these inherent limitations, a service organization may
achieve reasonable, but not absolute, assurance that its service commitments and system
requirements are achieved.

We assert that the controls within the System were effective throughout the period October 1, 2022,
to December 31, 2022, if complementary subservice organization controls and complementary user
entity controls were effective, to provide reasonable assurance that OpenAI’s service commitments
and system requirements were achieved based on the applicable trust services criteria.

OpenAI
April 19, 2023

ATTACHMENT A
OPENAI’S DESCRIPTION OF ITS SAAS SERVICES SYSTEM

OpenAI LLC (“OpenAI”) is a privately held company established in September 2020 that offers OpenAI
API and natural language processing capabilities as a service via an API. OpenAI is a Delaware limited
liability company headquartered in San Francisco, CA.
SERVICES OVERVIEW

The OpenAI API provides artificial intelligence as a service. The OpenAI API can be applied
to virtually any task that involves understanding or generating natural language, code, or other
content. OpenAI offers a spectrum of models with different capabilities suitable for different
tasks, as well as the ability to fine-tune custom models. These models can be used for
everything from content generation to semantic search, classification, and other use cases.
COMPONENTS OF THE SYSTEM USED TO PROVIDE THE SERVICES
The System description comprises infrastructure, software, people, data, and procedures.
Infrastructure
The API is deployed as a multi-tenant, software-as-a-service architecture. The OpenAI API’s
application infrastructure is hosted by Microsoft Azure Cloud Services, which provides scalable
computing capacity on cloud infrastructure as a subservice organization (SSO). The subservice
organization provides physical security and environmental protection controls, as well as managed
services for OpenAI’s infrastructure. The SSO’s network security uses an advanced network firewall and
related network security capabilities.
OpenAI’s Information Security Policy and security procedures ensure that all OpenAI workstations
(including servers, desktops, printers, etc.) have proper virus protection software, current virus
definition libraries, and the most recent operating system and security patches installed. The IT
department verifies that all known and reasonable defenses are in place to reduce network
vulnerabilities while keeping the network operating. In the event of a virus threat, the antivirus system
will attempt to delete or quarantine the infected file. If the virus cannot be deleted or quarantined, the
infected machine will be disconnected from the network and cleaned manually.
Multiple controls are installed to monitor traffic that could contain malicious programs or code.
Penetration tests are performed annually by a third-party vendor to measure the security posture of
target systems and environments and to expose potential vulnerabilities to the production environment
and data. Email is scanned by the hosted email environment. All employee workstation computers
have a minimum standard hardware and software configuration. IT staff maintains several
replacement computers that can replace workstations in need of repair or maintenance, thereby
disrupting the employee’s workday as little as possible.
Software
OpenAI maintains a list of critical software in use within its environment. The organization also retains
appropriate software license documentation.

People
OpenAI employees provide support for the above services. OpenAI employs dedicated team members
to handle all major product functions, including development, operations, and support.
OpenAI has organized employees into the following functional areas:

• Executive Leadership: Responsible for setting the vision, mission, and values of OpenAI, as
well as overseeing the strategic direction, governance, and compliance of the organization.
Also responsible for ensuring alignment of HR policies, practices, and processes with OpenAI’s
culture and objectives.
• Applied AI: Responsible for developing, testing, deploying, and maintaining OpenAI’s Artificial
Intelligence System API product, as well as other AI applications and services. Also
responsible for adhering to security, quality, and performance standards throughout the
software development lifecycle.
• IT: Responsible for managing and maintaining OpenAI’s IT infrastructure, systems, and
networks, as well as providing technical support and guidance to users. Also responsible for
implementing and enforcing security controls, policies, and procedures to protect OpenAI’s
data and assets.
• Security: Oversees the implementation of information security controls for infrastructure and
IT processes; responsible for the design, development, implementation, operation,
maintenance, and monitoring of cyber security controls; communicates information security
risks to executive leadership. This group comprises four teams: Product and Platform, Defense
and Intelligence, Privacy Engineering, and Compliance.
• HR: Responsible for recruiting, hiring, onboarding, and retaining OpenAI’s employees, as well
as providing payroll, benefits, and performance management services. Also responsible for
fostering a diverse, inclusive, and ethical work environment, as well as promoting OpenAI’s
values and culture.
Data
OpenAI defines Customer Data as the electronic data or information submitted by the Customer or
Authorized Parties to OpenAI’s service. Customer data is managed, processed, and stored in
accordance with the relevant data protection and other regulations, with specific requirements formally
established in customer agreements. Customer Data is utilized by OpenAI in delivering its OpenAI
API services. Customer Data is stored according to industry best practices, and access to said data
is restricted to employees whose job function requires it and in accordance with the OpenAI API’s
Privacy Policy and Terms of Use. All data managed, processed, or stored by OpenAI is subject to an
internal classification system defined in our Data Management Policy.
All employees and contractors of OpenAI are obligated to respect and, in all cases, protect confidential
and private data. Customer information, employment-related records, and other intellectual
property-related records are, subject to limited exceptions, confidential as a matter of law and of the
employment agreements signed by OpenAI employees. Many other categories of records, including
Company and other personnel records and records relating to OpenAI’s business and finances, are, as
a matter of OpenAI policy, treated as confidential. Responsibility for guaranteeing appropriate security
for data, systems, and networks is shared by the Applied AI, IT, and Security departments. IT and
Security are responsible for designing, implementing, and maintaining security protection of the data.
They also retain responsibility for ensuring compliance with the policy. In addition to management and
the technology staff, individual users are responsible for the equipment and resources under their control.

OpenAI has policies and procedures in place to ensure proper retention and disposal of confidential
and private data. The retention and data destruction policies define the retention periods and proper
destruction procedures for the disposal of data. These policies are reviewed at least annually. The
destruction of data is a multi-step process. Customer support personnel (AI Specialists) coordinate
the deletion of data with the Applied AI team’s data stores and infrastructure.
The confidentiality of electronic communications is secured to a high standard. Networks are protected
by enterprise-class firewalls and appropriate enterprise-class virus protection is in place. Password
protection with assigned user rights is required for access to the network, application, and databases.
Access to the network, application, and databases is restricted to authorized internal and external
users of the System to prohibit unauthorized access to confidential data.
OpenAI uses centrally managed role-based access control and requires users to be authenticated
prior to the use of any resources. Users’ access requests for resources are validated against the user’s
authorized roles in Azure Active Directory. Employees are authenticated using multi-factor
authentication. Additional access controls include the broad use of single sign-on, device certificates
for single sign-on, and tools to defend against phishing, malware, and other risks arising from general
web activity.
Procedures
Management has developed formal IT policies and procedures that describe logical access,
computer operations, change management, incident management, and data communication
standards. These policies are intended to achieve the stated objectives for network and data security,
data privacy, and integrity for both the Company and its clients, and they define how services should
be delivered. They are communicated to employees and are located on the organization’s intranet.

Reviews and changes to these policies and procedures are performed annually and are approved by
senior management.
Human Resources Policies and Procedures
OpenAI has formal hiring procedures that are designed to ensure that new team members are able to
meet or exceed the job requirements and responsibilities. All candidates go through interviews and
assessments of their education, professional experience, and certifications. Background checks are
performed for all newly hired employees before the start date and include a review of their criminal
records.
During the onboarding process, new employees review the Code of Conduct and any other
policies and procedures relevant to their role. Newly hired employees are required to sign an
acknowledgment of receipt and understanding of the Code of Conduct. These policies and procedures
are also available to employees through internal document stores. Security awareness training that
covers security and confidentiality is also completed at least annually by all employees, to
communicate the security implications of their roles and how their actions could affect the
organization.
Ongoing performance feedback is provided to all employees and contractors. Formal performance
reviews are completed annually by management to discuss expectations, goals, and the employee’s
performance for the last year.

COMPLEMENTARY SUBSERVICE ORGANIZATION CONTROLS (CSOCs)
OpenAI uses a subservice organization to provide hosting services. Management of OpenAI receives
and reviews the SOC 2 report of Microsoft Azure on an annual basis. In addition, through its daily
operational activities, the management of OpenAI monitors the services performed by Microsoft Azure
to ensure that operations and controls expected to be implemented at the subservice organization are
functioning effectively to meet OpenAI’s service commitments and system requirements based upon
the Security trust services criteria.
The assertion indicates that certain applicable trust services criteria can be met only if the Subservice
Organization controls, assumed in the design of OpenAI controls, are suitably designed and operating
effectively along with related controls at the service organization.
COMPLEMENTARY USER ENTITY CONTROLS (CUECs)
OpenAI’s services are designed with the assumption that certain controls will be implemented by
user entities. Such controls are called complementary user entity controls. It is not feasible for all the
Trust Services Criteria related to OpenAI’s services to be solely achieved by OpenAI control
procedures. Accordingly, user entities, in conjunction with the services, should establish their own
internal controls or procedures to complement those of OpenAI.

The following complementary user entity controls should be implemented by user entities to provide
additional assurance that the Trust Services Criteria described within this report are met. As these
items represent only a part of the control considerations that might be pertinent at the user entities’
locations, user entities’ auditors should exercise judgment in selecting and reviewing these
complementary user entity controls.

● Controls to provide reasonable assurance that user access, including provisioning and
deprovisioning, is designed appropriately and operating effectively.
● User entities are responsible for reporting issues with OpenAI’s systems and platforms.
● User entities are responsible for understanding and complying with their contractual
obligations to OpenAI.
● User entities are responsible for notifying OpenAI of changes made to the administrative
contact information.

ATTACHMENT B

OPENAI’S PRINCIPAL SERVICE COMMITMENTS AND SYSTEM REQUIREMENTS

OpenAI designs its processes and procedures related to the OpenAI API System (“System”) to meet
its objectives. Those objectives are based on the service commitments that OpenAI makes to user
entities, the laws and regulations that govern the provision of the services, and the financial,
operational, and compliance requirements that OpenAI has established for the services.
Security commitments to user entities are documented and communicated in customer agreements,
as well as in the description of the service offering provided online.
Security commitments are standardized and include, but are not limited to, the following:
● Security principles within the fundamental designs of the API are designed to permit system
users to access the information they need based on their role in the System while restricting
them from accessing information not needed for their role.
● Use of encryption technologies to protect customer data both at rest and in transit between
clients and the API and between the API and service providers.
● Use of data retention and data disposal upon customer request.

OpenAI establishes operational requirements that support the achievement of security, relevant legal
and regulatory, and other system requirements. Such requirements are communicated in OpenAI’s
policies and procedures, system design documentation, and agreements with customers. Information
security policies define an organization-wide approach to how systems and data are protected. These
include policies around how the service is designed and developed, how the System is operated, how
the internal business systems and networks are managed, and how employees are hired and trained.
In addition, OpenAI specifies how to carry out specific manual and automated processes required in
the operation and development of the OpenAI API.
