Security and Compliance at Kantata
"Security isn’t just something we do; it’s a core part of our business."
VP OF BUSINESS SYSTEMS AND INFORMATION SECURITY
Kantata is a pure multi-tenant Software as a Service (SaaS) application. We separate customer accounts logically at the data layer to protect the security and privacy of your data, while enabling the most sophisticated project collaboration experience available today.
Kantata meets or exceeds the standards of SSAE 18 (SOC1 Type II) and AICPA SOC2 Type II and has for the past four years with no exceptions noted. We are audited over the entire calendar year to ensure compliance at the highest possible level and our system controls are audited for effectiveness in addition to design.1
1 SOC Type II reports audit the effectiveness of controls in addition to their design, whereas SOC Type I reports audit design only.
CONTROL YOUR ACCOUNT
Manage user provisioning and system access using your Single Sign-On (SSO) system, or use configurable policies in Kantata. Control what your users can see by using system, project and field-level permissions.
Kantata is committed to protecting the privacy of your users and your data. We have certified our services, for which we act as data processor, under the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
INDUSTRY LEADING UPTIME
Kantata is committed to providing industry leading uptime across all services, with all planned maintenance occurring outside of US business hours (typically 7-10pm PT). We are hosted on the industry-leading AWS cloud and we operate multiple redundant systems that are resilient to any single point of failure.
Kantata practices Agile, Test Driven Development (TDD) and Pair Programming to provide exceptional data integrity with a seamless user experience. We have over 45,000 automated tests in our continuous integration pipeline, a dedicated QA team and release updates as often as several times per day.
Kantata protects all data in transit or at rest using industry standard Transport Layer Security (TLS) and AES encryption. Customer data backups are encrypted and shipped from our primary datacenter (AWS Oregon Region) to multiple off-site locations, including our disaster recovery site (AWS Virginia Region) that houses a live-updated standby database system.
Kantata maintains a secure cloud-based infrastructure hosted with AWS. All systems run an Intrusion Detection System (IDS), are patched regularly and remote access is strictly controlled. Kantata employees requiring access must complete successful background checks and use a secure virtual private network (VPN) connection with two-factor authentication.
Application performance and security is independently audited on an annual basis and is monitored 24x7x365 by our full time in-house Operations team. Kantata also operates a responsible disclosure program through HackerOne to incentivize third-party security researchers.