Kudos Trust Assurance Center

Kudos takes your security seriously. This dedication is reflected in everything we do – from our people and processes to our data centers and product security.

Your privacy & security is our priority 

To give you peace of mind regarding our security measures, we’ve compiled an in-depth look at our practices. As a Kudos client, you can rely on us to protect your data and operational security at every step. In addition, Kudos is committed to protecting the data you share with us. For more information, please see our Privacy Policy.

Organizational Security

We adhere to strict security policies and procedures that embrace the security, availability, processing, integrity, and confidentiality of our customers’ data.

Employee Background Checks

Every employee undergoes a background verification process. We hire external institutions to verify any criminal records on our behalf; this is done prior to the employee joining Kudos.

Security Awareness

We understand that security is not only “IT's job”. That is why we pride ourselves on offering the latest training on Security Awareness Foundations, Phishing Foundations, Common Threats and Social Engineering Red Flags company-wide. Security is everyone’s responsibility at Kudos.

Dedicated to your Security & Privacy

Stop. If you want in, we need valid credentials. At Kudos we take suspicious activities very seriously. Furthermore, we make sure credentials are up to date and carefully monitor access requests and approvals.

Internal Audit & Compliance

Kudos employees are required to go through the Corporate Information Security Program by completing a workflow that includes a review and positive acceptance of such policies.
In addition, Kudos maintains an auditable log of employee training provided. We drive a prevailing security and compliance attitude by training and educating our employees to be cyber guardians. Kudos also ensures compliance with Privacy Laws, taking proper steps to always secure the collection, use and disclosure of any personal information.

Threat Response

Kudos has a documented security incident response plan. We appropriately respond to any incidents that threaten the confidentiality, integrity, and availability of digital assets, information systems, and the networks that deliver the information. Our response plan covers the preparation, identification, notification, containment, investigation, and eradication of any data breach. All affected clients are notified of a suspected or confirmed data breach immediately.

Physical Security

Client Environment

From a security perspective, the only integrations with client environments are periodic transfers of eligible users for user provisioning purposes.

Infrastructure Security

Network Security

Data is encrypted in transit and protected by Transport Layer Security (TLS) and at rest using storage layer encryption. Backup data are also encrypted. All data sent or received outside of the Kudos data center are encrypted for transmission and all data exchanged inside the Kudos network are encrypted. All exceptions are approved by IT. We also have an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) in place.

Encryption

Kudos is dedicated to keeping your information safe and is compliant with the European General Data Protection Regulation (GDPR).

All Kudos encryption is performed using approved cryptographic modules. Symmetric cryptosystem key lengths are at least 128 bits. Kudos’s key length requirements are reviewed annually as part of the yearly security review and upgraded as technology allows. All private keys for encryption are password protected and not stored in the clear on systems. All sensitive client data is encrypted both in transit and at rest.

Prevention

Kudos has an incident response team operating during business hours, and a paging / call tree is in place for after-hours alerts. All servers and internal API processes have multiple redundancies and parallel processes for robust service availability.

Identity & Access Control

Single Sign-On (SSO)

Kudos uses single sign-on (SSO) capability throughout all our applications. SSO improves enterprise security by reducing the risk of password fatigue: because users have to remember only one strong password, they are deterred from using weak passwords. Kudos uses OneLogin as a Single Sign-On Service, which allows user access to other applications from one centralized console. OneLogin grants access to other applications based on permissions granted to an individual’s account.

Multi-Factor Authentication (MFA)

To complement our SSO capability, Kudos offers an extra layer of protection in case a password is compromised. Multi-Factor Authentication (MFA) is required for access to the production environment. Role-based access controls are always enforced.

Administrative Access

We provide privileged access to authorized personnel only. By adhering to the principle of least privilege, Kudos reserves the right to give administrative access to make any configuration changes. Additionally, a privileged access management solution can control credentials accessing the device and commands that can be executed when a session is initiated, providing a complete audit of both commands and sessions.

Security Within the Application

Kudos encrypts every attribute of customer data within the application before it is stored in the database. All passwords within our database are securely stored, salted and hashed. All customer content on the filesystem is encrypted. Backup data are encrypted as well.

Development Practices

Source Code Security Scanning

Kudos carries out third-party penetration tests and web application vulnerability assessments. These assessments are evaluated and conducted on a regular basis by both internal Kudos resources and external third-party vendors. Results can be shared, provided a non-disclosure agreement is signed and documented.

Operational Data Security & Redundancy

Logging & Monitoring

All application and infrastructure components are logged and monitored using enterprise software. Kudos implements and utilizes our cloud providers' native security monitoring.

Please check back occasionally for updates. If you have any questions, please contact us at info@kudos.com.