Renaud Yasin
Adopt Claude · The safety case

Claude governance & data-safety brief

Map common enterprise security, legal, and privacy concerns to Claude's enterprise controls — the basis for a conditional 'go' with defined guardrails.


Executive summary

Claude can be deployed with enterprise-grade controls that satisfy most large-company requirements: your content is not used to train models by default, identity is centralized through SSO/JIT/RBAC, activity is auditable, and sensitive workloads can run under US-only inference, customer-managed encryption keys, and Zero Data Retention (ZDR). The residual risks (inaccuracy, prompt injection, data handling by users) are well-understood and mitigated through configuration, policy, and training.

This is a vendor-neutral internal assessment template. Specific contractual commitments (DPA, ZDR scope, SLAs, sub-processors, certifications) must be confirmed with your Anthropic account team and reflected in your agreement.


1. Data handling

| Concern | Control | Notes / verify |
| --- | --- | --- |
| Will our prompts/outputs train the model? | No model training on your content by default on Team & Enterprise. | Confirm in the Commercial Terms / DPA. |
| Is data retained? | Standard retention for abuse monitoring; ZDR available for qualifying use cases (prompts/outputs not stored). | ZDR has feature-level eligibility — confirm which features your use cases need. |
| Where does inference run? | US-only inference available (Enterprise); API offers data residency routing (global or us). | Confirm regions that meet your data-localization rules. |
| Encryption | In transit and at rest; customer-managed encryption keys (CMEK) on Enterprise. | Confirm key-management model with account team. |

2. Access & identity

| Capability | What it gives you |
| --- | --- |
| SSO + domain capture | Centralized login via your IdP; auto-claim users on your email domain |
| Just-in-Time (JIT) provisioning | Users provisioned on first SSO login; deprovision via IdP |
| Role-based access control (RBAC) | Admin vs. member roles; workspace segmentation |
| Spend controls | Org- and user-level limits to prevent runaway usage/cost |

3. Auditability & oversight

  • Audit logs (Enterprise) — administrative and usage events for your SIEM/retention.
  • Compliance API (Enterprise) — programmatic access to usage/compliance data.
  • Usage & Cost reporting — monitor consumption per workspace/team.
  • Admin console — central management of members, workspaces, and keys.

4. Plan-level control comparison

| Control | Team | Enterprise |
| --- | --- | --- |
| No training on your content (default) | | |
| SSO + domain capture | | |
| JIT provisioning, RBAC | | |
| Spend controls | | |
| Audit logs | | |
| Compliance API | | |
| Customer-managed encryption keys | | |
| US-only inference | | |

Confirm exact feature availability per plan and region with your account team; plans evolve.

5. Approved-use data classification (template)

Map your existing data classes to allowed surfaces. Example starting point — adjust to your policy and complete during Security review:

| Data class | claude.ai (Team/Ent.) | API w/ ZDR | Notes |
| --- | --- | --- | --- |
| Public | ✅ Allowed | | No restriction |
| Internal / Confidential | ✅ Allowed | | Default for most knowledge work |
| Restricted (PII, customer data) | ⚠️ Conditional | ✅ w/ controls | Minimize; consider US-only + ZDR; honor privacy obligations |
| Highly Restricted (regulated, secrets, MNPI, privileged) | ❌ Until approved | ⚠️ Case-by-case | Requires explicit sign-off + dedicated controls |

6. Residual risks & mitigations

| Risk | Mitigation |
| --- | --- |
| Inaccuracy / "confident errors" | Mandatory "verify before reliance" policy; human-in-the-loop for decisions; Citations feature for grounded answers |
| Prompt injection (via web, tools, MCP, documents) | Limit tool/MCP scope; treat tool output as untrusted; least-privilege connectors; review autonomous-agent permissions |
| Data leakage by users | Data-classification policy + training (see your staff acceptable-use / do's-and-don'ts guide); approved-class enforcement; DLP where applicable |
| Shadow IT / personal accounts | Provide sanctioned access quickly; SSO + domain capture to consolidate; block unmanaged use per policy |
| Over-permissioned agents (Claude Code / MCP) | Scoped credentials, sandboxing, review/PR gates, hooks for guardrails, CI controls |
| Third-party/sub-processor exposure | Review sub-processor list and certifications; restrict connectors to approved systems |

7. Shared-responsibility model

| Layer | Anthropic | [Company] (admins) | End users |
| --- | --- | --- | --- |
| Model & platform security | | | |
| No-training default, ZDR, encryption options | | Configure/contract | |
| SSO, RBAC, spend limits, audit log review | Provide | ✅ Configure & monitor | |
| Approved data classes & acceptable use | Enable | ✅ Define & enforce | ✅ Follow |
| Verifying outputs before reliance | | Set policy | ✅ Do it |

8. Pre-rollout controls checklist

  • Plan selected (Team vs Enterprise) to match control requirements
  • DPA / Commercial Terms reviewed; ZDR scope confirmed for sensitive use cases
  • SSO + JIT configured against corporate IdP; deprovisioning tested
  • RBAC roles and workspace segmentation defined
  • Org/user spend limits set
  • Audit-log export to SIEM configured (Enterprise)
  • Approved data-classification matrix finalized and published
  • Acceptable-use policy + your staff do's-and-don'ts guide distributed
  • MCP/connector and Claude Code permission model reviewed (least privilege)
  • Incident & escalation path defined

9. Open questions for the Anthropic account team

  1. Exact ZDR feature eligibility for our intended use cases?
  2. Current certifications/attestations (e.g., SOC 2, ISO 27001) and sub-processor list?
  3. DPA terms, data-deletion SLAs, and breach-notification commitments?
  4. Region/residency guarantees for US-only inference and CMEK specifics?
  5. Retention windows for abuse-monitoring data on non-ZDR paths?

Owner: [Security/Privacy lead] · Reviewed by: [Legal] · Status: [Draft/Approved] · Date: [ ]