Security and Compliance at Kantata
"Security isn’t just something we do; it’s a core part of our business."
VP OF BUSINESS SYSTEMS AND INFORMATION SECURITY
Kantata is a pure multi-tenant Software as a Service (SaaS) application. We separate customer accounts logically at the data layer to protect the security and privacy of your data, while enabling the most sophisticated project collaboration experience available today.
Kantata meets or exceeds the standards of SSAE 18 (SOC1 Type II) and AICPA SOC2 Type II and has for the past four years with no exceptions noted. We are audited over the entire calendar year to ensure compliance at the highest possible level, and our system controls are audited for effectiveness in addition to design.[1]
[1] SOC Type II reports audit the effectiveness of controls in addition to their design, whereas SOC Type I reports audit design only.
CONTROL YOUR ACCOUNT
Manage user provisioning and system access using your Single Sign-On (SSO) system, or use configurable policies in Kantata. Control what your users can see by using system, project and field-level permissions.
Kantata is committed to protecting the privacy of your users and your data. Kantata is already compliant with the UK Data Protection Act 1998. Since Q2 2017 we have been running a comprehensive GDPR Compliance Programme which is on track to be compliant prior to the May 2018 deadline.
1. GDPR Compliance Programme:
- Appointed a Data Protection Officer (DPO)
- Adopted Data Protection by Design Principles
- Integrated with SOC compliant processes where applicable
2. Gap Analysis Exercise (performed by independent GDPR experts):
- Personal Data Impact Assessment & Remediation
- 3rd Party Supplier review
3. New Policies and Procedures developed:
- Personal Data Inventory
- New Policies (e.g. Data Breach Notification)
- Legal review of contracts for GDPR clauses
INDUSTRY LEADING UPTIME
Kantata is committed to providing industry-leading uptime across all services, with all planned maintenance occurring outside of US business hours (typically 7-10pm PT). We are hosted on the industry-leading AWS cloud and operate multiple redundant systems that are resilient to any single point of failure.
Kantata practices Agile, Test Driven Development (TDD) and Pair Programming to provide exceptional data integrity with a seamless user experience. We have over 45,000 automated tests in our continuous integration pipeline, a dedicated QA team and release updates as often as several times per day.
Kantata protects all data in transit or at rest using industry standard Transport Layer Security (TLS) and AES encryption. Customer data backups are encrypted and shipped from our primary datacenter (AWS Oregon Region) to multiple off-site locations, including our disaster recovery site (AWS Virginia Region) that houses a live-updated standby database system.
Kantata maintains a secure cloud-based infrastructure hosted with AWS. All systems run an Intrusion Detection System (IDS), are patched regularly and remote access is strictly controlled. Kantata employees requiring access must complete successful background checks and use a secure virtual private network (VPN) connection with two-factor authentication.
Application performance and security are independently audited on an annual basis and are monitored 24x7x365 by our full-time in-house Operations team.