Security standards

Kisi holds two crucial company certifications—ISO 27001 and SOC 2—showcasing its dedication to strong information security measures. Additionally, Kisi adheres to rigorous data protection compliances, including GDPR, CCPA, and NDAA, ensuring the highest level of privacy and security for its users' data.

Company certifications

ISO 27001

Kisi is ISO 27001 certified. The ISO 27001 standard is a globally recognized information security standard developed and maintained by the International Organization for Standardization (ISO) and provides the specification for an information security management system or ISMS.

Organizations using an ISMS, especially one that conforms to ISO 27001, can ensure compliance with a host of laws, including the high-profile GDPR general data protection regulation and the network and information systems regulations, or MIS regulations.

The ISO 27001 standard is the centerpiece of the ISO 27000 series, a set of multiple information security standards that together form a widely recognized framework for managing information security best practices. These standards provide a framework of specifications, codes of conduct, and best practices for securing information assets.

In order to achieve this certification, Kisi's compliance was validated by an independent auditor.

Benefits of being ISO 27001 certified

1. Secure information: ISO 27001 helps protect all forms of information whether digital, paper-based or stored in the cloud.
2. Increased cyber attacks resilience: Detect and reduce cyber threats early. Kisi is conducting penetration tests at least once per year, as part of ISO 27001.
3. Protecting the confidentiality, integrity and availability of the data: ISO 27001 helps to ensure that the information is
   • Confidential: Not available or disclosed to unauthorized people entities or processes.
   • Whole: Complete and accurate, and protected from corruption.
   • Available: Accessible and usable as and when authorized users require it.
4. Compliance with business, legal, contractual and regulatory requirements: ISO 27001 certification is also in line with rigid regulatory requirements such as the GDPR (General Data Protection Regulation), the NIS Directive (Directive on security of network and information systems) and other cyber security laws.

For more information, please check our guide on ISO 27001 Compliance.

SOC 2

Kisi is SOC 2 certified. SOC 2 (System and Organization Controls 2) is a globally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). This certification is a formal evaluation and attestation of Kisi's controls over the security, availability, processing integrity, confidentiality, and privacy of customer data.

Benefits of being SOC 2 certified

1. Security controls: Comprehensive assessment of security controls.
2. Trust and assurance: Provides trust and assurance to customers.
3. Compliance framework: Meets regulatory and industry compliance.
4. Data protection: Demonstrates commitment to protecting customer data.
5. Independent auditing: Conducted by certified third-party auditors.
6. Risk management: Evaluates and mitigates security risks.
7. Continuous improvement: Promotes ongoing enhancement of security practices.
8. Transparent reporting: Detailed reports on control effectiveness.

Data protection & regulations compliance

1. GRPR - European data protection regulation ensuring privacy rights for individuals
2. CCPA - California data privacy law protecting consumer personal information
3. NDAA - Defense-related procurement regulations
4. TAA - Procurement rules for US government agencies