SOC 2 Type 2-Compliant
KnowledgeLake is committed to providing the highest level of security to our customers. KnowledgeLake undergoes an annual 3rd Party System and Organization Controls (SOC) 2 Audit to provide ongoing assurance that we have measures in place to protect your data. KnowledgeLake has a current SOC 2 Type 2 report for our Cloud Platform.
To request a confidential copy of KnowledgeLake’s SOC 2 Type 2 report, please email email@example.com.
KnowledgeLake is Health Insurance Portability and Accountability Act (HIPAA)-compliant and meets the stringent guidelines for securely handling protected health information (PHI).
Data Center and Network Security
We host all our software in Microsoft Azure datacenters. Microsoft provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Microsoft’s compliance and security documents for more detailed information.
KnowledgeLake conducts third-party network vulnerability scans at least annually.
All connections to KnowledgeLake are encrypted.
We use SSL/TLS to encrypt all of our connections, and any attempt to connect over HTTP are immediately redirected to HTTPS. We maintain an A+ grade from Qualys / SSL Labs.
All customer data is stored within separate PaaS databases.
This approach provides our customers with all the benefits of multi-tenant SaaS but with the safeguards and isolation of single-tenant enterprise SaaS. All network traffic is isolated to a dedicated virtual network to further insulate customer information.
All customer data is encrypted in transit and at rest.
System passwords are encrypted using Azure Key Vault with restricted access to specific production systems.
Data access and authorizations are provided on a need-to-know basis.
And data access and authorizations are based on the principle of least privilege. Access to the Azure production tenants is restricted to authorized personnel and is carried out using VPN with multi-factor Active Directory authentication.
Our customers may configure a data retention duration.
Plus all customer data is purged from KnowledgeLake systems subsequent to contract expiration.
We conduct penetration testing by a third party at least annually in addition to our in-house product testing.
KnowledgeLake logins require strong passwords. User passwords are salted, hashed, and stored in an isolated, tenant-specific database.
KnowledgeLake can connect to 3rd party identity management platforms such as Azure Active Directory.
All KnowledgeLake audit information is stored within an isolated and encrypted customer database. This data is surfaced within the Monitor and Configuration Apps. The audit contains a historical record of all operations and events that took place within the environment. KnowledgeLake does not have access to this data unless explicitly shared with us by the customer.
KnowledgeLake maintains a formal incident response plan for major events.
We maintain clear internal security policies.
Our security policies are maintained, communicated, and approved by management to ensure that everyone clearly knows their security responsibilities.
KnowledgeLake policies are reviewed annually as a part of our SOC2 audit. KnowledgeLake follows a well-defined Software Development Life Cycle (SDLC).
Our product engineering teams follow an agile (Kanban) development process with software updates being pushed every 8-12 weeks.
- Every changeset follows a peer review process and checklist to identify potential security vulnerabilities.
- Prior to general availability (GA) for major software updates, KnowledgeLake engages with a 3rd party security consulting company to test for security vulnerabilities.
KnowledgeLake engineers participate in secure code training.
At least annually, our engineers participate in secure code training covering OWASP Top 10 security vulnerabilities and common attack vectors.
To report a security concern, please email firstname.lastname@example.org.