SOC 2 safe and secure

Knak is constantly building a culture of security, leveraging the latest technologies and industry best practices to continuously improve the security of our platforms, systems, and organization. We're proud to say that we're SOC 2 compliant, so you can rest assured that your data is safe and secure with us.

How we protect your service data

Key areas of focus for our security & compliance program include:

  • Ongoing SOC 2, Type II compliance
  • Regular third-party pen tests
  • Protection of company personnel equipment (encrypted drives, virus scanners, screen saver lock, automatic OS updates, mobile device management software)
  • Intrusion detection systems with 24/7 monitoring
  • Firewalls and encryption on our server infrastructure
  • Server uptime monitoring (see status page)
  • Ongoing vulnerability scans

People security

Employee background checks

New employees and contractors at Knak undergo both criminal background checks and reference checks before beginning work.

Confidentiality and privacy

Knak employees and contractors sign confidentiality and non-disclosure agreements to ensure confidentiality of all information collected on our systems. Access to customer information is granted based on the least privilege principle, and limited sensitive data is processed. For more information, check out our privacy policy.

Risk management

Risk management plan

To help manage overall risk, Knak reviews our risk management policy, associated plan, and risk mitigation strategies at least annually. Risk management is part of our culture and our business decisions.

Vendor management

Knak has a robust vendor management process, involving security at the early stages of procurement to vet potential vendors for level of risk, type of data processed, and integrations to critical systems. We ensure our vendors have appropriate security controls in place to handle our customer and organization data, reviewing thorough security questionnaires and reports.

Product security

Network management security

Knak server infrastructure

Knak hosts its infrastructure on Amazon Web Services (AWS), deployed in multiple availability zones within the US and replicated in a different region of the US. Learn about AWS security here.

Backup of data

Knak backs up all data on its system using AWS and maintains backups for a period of 90 days. This allows the team to be able to restore information in the event of a failure (which we practice with both table top and technical simulations on an annual basis).

Disaster recovery & business continuity

Knak has a business continuity plan in addition to a disaster recovery plan. We conduct table top and technical simulations on an annual basis and have a “break glass” account if ever the unlikely worst is upon us. Our staff is always ready to to serve our customers, with 99.95% uptime.

Incident response

Knak has an incident response plan in place that is kept top of mind thanks to our partnership with a managed Security Operations Centre (SOC). This managed SOC as a service provides 24/7 continuous monitoring and maintains their own security posture with a SOC2 Type 2 and ISO27001 certification.

Vulnerability management

Endpoint monitoring

Knak uses a mobile device management tool to support endpoint security, and ensures that all devices are up to date and securely encrypted. We also ensure all devices are free from malware with centralized IT and Security tools. Non-technical employees do not have administrative access.

Vulnerability scans

Knak has vulnerability scanning baked into the development process, automatically scanning code before it's pushed to production and involving security to support closing any tickets raised in line with our vulnerability management policy.

Third party penetration testing

Knak works with several external security firms to conduct penetration testing on our application and infrastructure configuration at least annually. Any potential vulnerabilities found are remediated within our vulnerability management SLAs and retested.

Responsible ethical disclosure

Knak is committed to guarding the safety and security of our customers. We follow best practices when it comes to Responsible Ethical Disclosure and receive any security concerns from researchers to security@knak.com.

Access and identity

Permissions and authentication

Knak aligns its policies, processes, and internal security controls to ensure that only those who need access to critical services have access to them. We have complex password security requirements, use a company provisioned password manager, and enforce two-factor authentication and SSO where possible.

Access tracking

Knak tracks all access requests and conducts regular (at least annual) access control reviews. Access is only provisioned based on the principle of least privilege and role-based access controls (RBAC) are used.

Compliance

SOC 2 compliance

Knak has completed its first SOC 2 Type II audit as of November 30, 2021. The SOC 2 report can be made available to current and prospective clients with a signed MNDA.

GDPR compliance

Knak takes a proactive approach to privacy, collecting limited personal identifiable information and aligning our hiring and sub-processing policies and practices to our GDPR compliant data processing agreements.