Organizational Security
We adhere to strict security policies and procedures that embrace the security, availability, processing, integrity, and confidentiality of our customers’ data.
Employee Background Checks
Every employee undergoes a background verification process. We hire external institutions to verify any criminal records on our behalf; this is done prior to the employee joining Kudos.
Security Awareness
We understand that security is not only “IT's job”. That is why we pride ourselves on offering the latest training on Security Awareness Foundations, Phishing Foundations, Common Threats and Social Engineering Red Flags company-wide. Security is everyone’s responsibility at Kudos.
Dedicated to your Security & Privacy
Stop. If you want in, we need valid credentials. At Kudos we take suspicious activities very seriously. Furthermore, we make sure credentials are up to date and carefully monitor access requests and approvals.
Internal Audit & Compliance
Kudos employees are required to go through the Corporate Information Security Program by completing a workflow that includes a review and positive acceptance of its policies.
In addition, Kudos maintains an auditable log of employee training provided. We drive a prevailing security and compliance attitude by training and educating our employees to be cyber guardians. Kudos also ensures compliance with Privacy Laws, taking proper steps to always secure the collection, use and disclosure of any personal information.
Threat Response
Kudos has a documented security incident response plan. We appropriately respond to any incidents that threaten the confidentiality, integrity, and availability of digital assets, information systems, and the networks that deliver the information. Our response plan covers the preparation, identification, notification, containment, investigation, and eradication of any data breach. All affected clients are notified of a suspected or confirmed data breach immediately.
Physical Security
Client Environment
From a security perspective, the only integrations with client environments are periodic transfers of eligible users for user provisioning purposes.
Infrastructure Security
Network Security
Data is encrypted in transit and protected by Transport Layer Security (TLS) and at rest using storage layer encryption. Backup data are also encrypted. All data sent or received outside of the Kudos data center are encrypted for transmission, and all data exchanged inside the Kudos network are encrypted. All exceptions are approved by IT. We also have an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) in place.
Encryption
Kudos is dedicated to keeping your information safe and is compliant with the European General Data Protection Regulation (GDPR).
All Kudos encryption is performed using approved cryptographic modules. Symmetric cryptosystem key lengths are at least 128 bits. Kudos’s key length requirements are reviewed annually as part of the yearly security review and upgraded as technology allows. All private keys for encryption are password protected and not stored in the clear on systems. All sensitive client data is encrypted both in transit and at rest.
Prevention
Kudos has an incident response team operating during business hours, and a paging / call tree is in place for after-hours alerts. All servers and internal API processes have multiple redundancies and parallel processes for robust service availability.
Identity & Access Control
Single Sign-On (SSO)
Kudos uses single sign-on (SSO) capability throughout all our applications. SSO improves enterprise security by reducing the risk of password fatigue: users are deterred from using weak passwords because they have to remember only one strong password. Kudos uses OneLogin as a Single Sign-On Service, which allows user access to other applications from one centralized console. OneLogin grants access to other applications based on permissions granted to an individual’s account.
Strong Passwords
Kudos enforces strong password requirements for all non-SSO accounts to ensure all users are using secure login credentials.
Multi-Factor Authentication (MFA)
To complement our SSO capability, Kudos offers an extra layer of protection in case a password is compromised. MFA enhances security by requiring users to identify themselves by more than a username and password.
Administrative Access
We provide privileged access to authorized personnel only. By adhering to the principle of least privilege, Kudos reserves the right to give administrative access to make any configuration changes. Additionally, a privileged access management solution can control credentials accessing the device and commands that can be executed when a session is initiated, providing a complete audit of both commands and sessions.
Security Within the Application
Kudos encrypts every attribute of customer data within the application before it is stored in the database. All passwords within our database are stored securely, salted and hashed. All customer content on the filesystem is encrypted. Backup data are encrypted as well.
Development Practices
Source Code Security Scanning
Kudos carries out third-party penetration tests and web application vulnerability assessments. These assessments are evaluated and conducted on a regular basis by both internal Kudos resources and external third-party vendors. Results can be shared, provided a non-disclosure agreement is signed and documented.
Operational Data Security & Redundancy
Logging & Monitoring
All application and infrastructure components are logged and monitored using enterprise software. Kudos implements and utilizes our cloud providers' native security monitoring.
Please check back occasionally for updates. If you have any questions, please contact us at info@kudos.com.