Security and Compliance at Kantata

"Security isn’t just something we do; it’s a core part of our business."

TAISON KEARNEY

VP OF BUSINESS SYSTEMS AND INFORMATION SECURITY

MULTI-TENANT

Kantata is a pure multi-tenant Software as a Service (SaaS) application. We separate customer accounts logically at the data layer to protect the security and privacy of your data, while enabling the most sophisticated project collaboration experience available today.

INDEPENDENT AUDIT

Kantata meets or exceeds the standards of SSAE 18 (SOC 1 Type II) and AICPA SOC 2 Type II and has for the past four years with no exceptions noted. We are audited over the entire calendar year to ensure compliance at the highest possible level, and our system controls are audited for effectiveness in addition to design. [1]

[1] SOC Type II reports audit the effectiveness of controls in addition to their design, whereas SOC Type I reports audit design only.

CONTROL YOUR ACCOUNT

Manage user provisioning and system access using your own Single Sign-On (SSO) system, or use configurable policies in Kantata. Control what your users can see by using system-, project- and field-level permissions.

PRIVACY

Kantata is committed to protecting the privacy of your users and your data. Kantata is already compliant with the UK Data Protection Act 1998. Since Q2 2017 we have been running a comprehensive GDPR Compliance Programme, which is on track to achieve compliance prior to the May 2018 deadline.

1. GDPR Compliance Programme:

  • Appointed a Data Protection Officer (DPO)
  • Adopted Data Protection by Design Principles
  • Integrated with SOC compliant processes where applicable

2. Gap Analysis Exercise (performed by independent GDPR experts):

  • Personal Data Impact Assessment & Remediation
  • 3rd Party Supplier review

3. New Policies and Procedures developed:

  • Personal Data Inventory
  • New Policies (e.g. Data Breach Notification)
  • Legal review of contracts for GDPR clauses

INDUSTRY LEADING UPTIME

Kantata is committed to providing industry-leading uptime across all services, with all planned maintenance occurring outside of US business hours (typically 7-10pm PT). We are hosted on the industry-leading AWS cloud, and we operate multiple redundant systems that are resilient to any single point of failure.

QUALITY SOFTWARE

Kantata practices Agile, Test-Driven Development (TDD) and Pair Programming to provide exceptional data integrity with a seamless user experience. We have over 45,000 automated tests in our continuous integration pipeline and a dedicated QA team, and we release updates as often as several times per day.

DATA PROTECTION

Kantata protects all data, both in transit and at rest, using industry-standard Transport Layer Security (TLS) for data in transit and AES encryption for data at rest. Customer data backups are encrypted and shipped from our primary datacenter (AWS Oregon Region) to multiple off-site locations, including our disaster recovery site (AWS Virginia Region), which houses a live-updated standby database system.

INFORMATION SECURITY

Kantata maintains a secure cloud-based infrastructure hosted with AWS. All systems run an Intrusion Detection System (IDS) and are patched regularly, and remote access is strictly controlled. Kantata employees requiring access must complete successful background checks and use a secure virtual private network (VPN) connection with two-factor authentication.

24X7X365 MONITORING

Application performance and security are independently audited on an annual basis and are monitored 24x7x365 by our full-time in-house Operations team.