Organizational Security
We adhere to strict security policies and procedures that cover the security, availability, processing, integrity, and confidentiality of our customers’ data. People are the weakest link in any organization, our policies and processes ensure that security is one of our primary objectives.
Security and Risk Management Team
The security and risk management professionals at Kudos are committed to ensuring the security of our operations and product.
Security Awareness
We understand that security is not only “IT's job”. That is why we pride ourselves on offering the latest training on Security Awareness Foundations, Phishing Foundations, Common Threats and Social Engineering Red Flags company wide. Security is everyone’s responsibility at Kudos.
Internal Audit & Compliance
An assessment of the effectiveness and efficiency of the internal controls, processes and policies is reviewed by the compliance team continuously and identified deficiencies are remediated promptly.
Attestation and Certificate
Kudos is audited regularly by independent bodies to ensure that we adhere to the most stringent security standards and privacy requirements in the business.
SOC 2 Type II
Kudos SOC 2 Type II report provides assurance that our team has designed an effective system of security controls. Get in touch to read our report.
OneTrust Essentials Attestation Certificate
Kudos® is compliant with the Tugboat Logic (now OneTrust) Attestation Essentials Certificate.
GDPR
Kudos is dedicated to keeping your information safe and is compliant with the European legislation of General Data Protection Regulation (GDPR).
Infrastructure Security
Client Environment
Kudos recognition platform is a multi-tenant cloud-based SaaS platform. Every customer is assigned their own tenant of the Kudos employee recognition Platform, and their data is encrypted and logically separated. It is not accessible to other tenants to prevent unauthorized access.
Encryption
Data stored by Kudos is encrypted at rest in Amazon Relational Database Service (RDS) using the industry standard encryption algorithm. All passwords within our database are securely stored, salted and hashed.
Kudos provides end-end data encryption. Encryption is handled using our cloud provider's key management services. All information traveling between your browser and Kudos is protected from eavesdropping with SSL encryption and TLS 1.2 protocols.
Identity & Access Control
Single Sign-On (SSO)
Kudos uses single sign-on capability (SSO) throughout all our applications, SSO improves enterprise security by reducing the risk of password fatigue. Therefore, users are deterred from using weak passwords having to remember only one strong password. Kudos uses OneLogin as a Single Sign-On Service which allows user access to other applications from one centralized console. OneLogin grants access to other applications based on permissions granted to an individual’s account.
Strong Passwords
Kudos enforces strong password requirements for all non-SSO accounts to ensure all users are using secure login credentials.
Multi-Factor Authentication (MFA)
To complement our SSO capability, Kudos offers an extra layer of protection in case a password is compromised. MFA enhances security by requiring users to identify themselves by more than a username and password.
Administrative Access
We provide privileged access to authorized personnel only. By adhering to the principle of least privilege, Kudos reserves the right to give administrative access to make any configuration changes. Additionally, a privilege access management solution can control credentials accessing the device and commands that can be executed when a session is initiated, providing a complete audit of both commands and sessions.
Security Within the Application
Kudos encrypts every attribute of customer data within the application before it is stored in the database. All passwords within our database are securely stored, salted and hashed. Customer content on filesystem is all encrypted. Backup data are as well encrypted.
Development Practices
Source Code Security Scanning
Kudos carry out third-party penetration tests and web application vulnerability assessments. These assessments are evaluated and conducted on a regular basis by both internal Kudos resources and external third-party vendors.
Reliability, Redundancy & Resilience
Logging & Monitoring
All application and infrastructure components are logged and monitored using Enterprise software. Kudos implements and utilizes our Cloud providers native security monitoring.
Reliability & Disaster Recovery
Our data is secured in the cloud, and we have documented processes for disaster recovery and business continuity. Full back ups are performed hourly and retained for six months. All backups made are encrypted and stored offsite. All servers and internal API processes have multiple redundancies and parallel processes for robust service availability.
Incident Management and Response Plan
Kudos has established policies and procedures to manage security and privacy incidents that threaten the confidentiality, integrity, or availability of information assets, which is reviewed regularly. In the event of a suspected or confirmed incident/breach, affected customers will be notified within 72 hours. There have been no security incidents in the last 12 months.
Kudos have a documented security incident response plan. We appropriately respond to any incidents that threaten the confidentiality, integrity, and availability of digital assets, information systems, and the networks that deliver the information. Our response plan covers the preparation, identification, notification, containment, investigation, and eradication of any data breach. All affected clients are notified of a suspected or confirmed data breach immediately.
Vendor Management
Kudos has established procedures for evaluating and vetting vendors. Kudos has agreements with vendors to ensure they comply with our policies and controls and the security of client data.
Please check back occasionally for updates. If you have any questions, please contacts us at kudossecurity@kudos.com.
