Kissflow Security Hub

Discover our robust security controls bolstering Kissflow's defense

Infrastructure Security

DDoS Protection

Kissflow utilizes a high-quality DDoS protection service that effectively defends against Layer 3, Layer 4, and Layer 7 DDoS attacks, while also allowing legitimate traffic to flow uninterrupted.

Network Segmentation

Kissflow uses network isolation to safeguard sensitive information systems against security breaches.

Monitoring

Kissflow continuously monitors the availability, capacity, and security of its systems, and takes prompt action in case of any deviations.

Vulnerability Management

Kissflow has a well-established vulnerability management program that involves assessing the severity and impact of each vulnerability, prioritizing them based on risk, and implementing appropriate remediation measures to ensure the security and integrity of our systems.

Datacenter Security

AWS and GCP employ world-class physical security measures in their data centers, including stringent access controls, video surveillance, intrusion detection systems, and 24/7 monitoring. These measures safeguard against unauthorized access and physical threats, and provide a secure hosting environment for our platform.

Secure Configuration Management

Our procedures ensure secure configuration of operating systems and applications, disabling default passwords and unnecessary features. We define and consistently apply security baselines, track system configuration changes, and align with industry best practices such as CIS.

Disaster Recovery

We have readily available Infrastructure as Code (IaaC) scripts, facilitating rapid deployment of a new environment. Our robust Disaster Recovery (DR) plan ensures business continuity, and annual testing validates its effectiveness in mitigating potential disruptions and minimizing downtime.

Uptime Commitment

We commit to 99% uptime for our platform, and any failures will result in service credit. You can track our availability and historic uptime at https://status.kissflow.com/

Data Security

Encryption

AES 256, the industry standard for encryption, is utilized to encrypt all data at rest on our platform. Similarly, when data is in transit either within our network or over the internet, it is encrypted using HTTPS with TLS 1.2+ to ensure secure transmission.

Retention and Erasure of Data

Throughout the period of service usage, Kissflow will maintain customer data. However, upon termination of the services, all data will be permanently erased from the production environment within 30 days, and from the backup system within 90 days.

Data Portability

Upon request, customers will have the option to export their data in a machine-readable format, ensuring seamless data portability after the termination of the service.

Application Security

Secure Software Development

We have a well-established change management cycle that ensures all code changes undergo a rigorous authorization, testing, and verification process before being deployed to the production environment. This ensures that only authorized and thoroughly validated code modifications are implemented.

Code Reviews

We adhere to secure coding practices throughout the development process and employ stringent quality gating measures, including static code analysis, to ensure the highest level of code integrity.

Automated Code Deployment

Our CI/CD pipeline enables secure and automated code movement without manual intervention. It ensures smooth integration, deployment, and adherence to predefined security protocols, enhancing efficiency and reliability.

Organizational Security

Third Party Security Assessment

We conduct security assessments of third-party vendors and review their contracts for security and data protection clauses. We obtain third-party audits or certifications for compliance validation and have a process to assess and manage security risks associated with third-party dependencies. Security incidents involving third-party vendors are promptly investigated and addressed.

Regulatory Compliance

Regular audits are conducted to ensure ongoing compliance, and we have a process to address and rectify any non-compliance issues. Privacy and data protection regulations, such as GDPR or HIPAA, are considered, along with specific compliance requirements of our industry or market. You can track our current compliance with various standards and regulations at https://kissflow.com/compliance

Business Continuity

Kissflow has robust Business Continuity Planning (BCP), guaranteeing uninterrupted service delivery, mitigating risks, and enabling swift recovery from potential disruptions or unforeseen events.

Security Awareness

All employees undergo a mandatory security and privacy awareness training program, supported by posters and regular awareness messages, ensuring a culture of vigilance and adherence to security and privacy practices.
