Platform security
Kianda is committed to delivering a best-in-class solution to our clients by placing security at the core of our offering. In terms of security and quality, Kianda’s services and solutions are ISO 27001:2013 certified and audited by external parties, so you can be confident that we follow best practice for our clients’ data and information security.
The Kianda Platform is a cloud-based SaaS solution that allows for integration with multiple third-party IT systems and siloed data sources, for example SharePoint Online Environment, Active Directory, SAP, SQL Server, O365 and Oracle, amongst others. Kianda employs the highest levels of security (as demonstrated by our ISO certification), and includes extensive dashboard and reporting/audit trail functionality.
Kianda Quality Assurance Systems
Kianda uses the following methodologies to ensure the Kianda platform meets the highest quality assurance levels:
- Kianda follows agile methodologies for the management of product development and project deliveries. Team members are certified in Agile Project Management and Scrum Framework, ensuring we deliver best practice project documentation and product development cycles.
- Kianda’s ISMS (Information Security Management System) policy is designed to protect Kianda’s information assets and our clients’ information from all threats, whether internal or external, deliberate or accidental. This provides a security approach that satisfies our clients, a solid understanding of security requirements and risk management practices, and effective security communication to all Kianda employees, contractors, partners, clients, and third parties.
- Kianda’s ‘Security in Development and Support Processes’ Policy covers Patch Management Processes, Technical Review of Operating System Changes, Restrictions on Changes to Software Packages and Product Development stages. The policy also details the regular backup copies and generations of all software, documentation and business information. Regular testing is carried out to ensure the quality and usability of backed-up resources.
- Kianda is ISO 27001 ISMS certified and audited by an external party every six months. Details may be accessed here: https://www.kianda.com/information-security.
The Kianda Platform fully complies with all GDPR requirements and is being continually improved, with a roadmap of enhancements planned for deployment in the near future.
Security - Authentication
The Kianda platform provides Single Sign-On capability with SharePoint or OneLogin. This allows users to create, view and approve forms by first logging in with their Active Directory (AD) account. Security is provided by integration with the client’s Active Directory / O365 or other multi-factor authentication requirements.
Kianda can synchronise users and their groups from SharePoint, O365 or AD. The platform provides the ability for external users to integrate with SSO and MFA authentication via guest users in O365.
Security - User Management
The Kianda platform allows for different users to have different security privileges, providing for easy administrative management of users and their access rights.
Our platform allows the following user levels by default, in addition to the flexible and dynamic security access levels that can be added individually to a form, to a process, to a dashboard and to a data source connection:
- User (can only access what is assigned to them)
- Administrator (can access all)
- Manage partners/customers (can only access what is required to manage customer portals)
- Design business process (can only design business forms and workflows)
- Manage data sources (can only manage data sources and connections)
- Developer (can design new widgets within the platform)
The platform allows for the creation of user groups and the ability to assign these user groups to processes or dashboards as needed. Dashboard levels or particular widgets can be configured to be visible to certain users or groups of users. Data source connections can be configured in the same way to ensure the highest access control levels.
Our data classification system has been designed to support access to information based on the need to know so that information will be protected from unauthorised disclosure, use, modification, and deletion.
The Kianda platform ensures that data is never transmitted or stored in clear text, whether in a database or a file solution, and is hosted and secured in MS Azure with enterprise-grade security. All data generated is encrypted at rest and in transit. Data records are also masked from a GDPR point of view. We employ Microsoft security products to automatically mask and classify personal data; this is scheduled weekly.
Overall, Kianda Technologies follows ISO ISMS policies, GDPR best practices and OWASP guidelines for product development. Kianda Technologies will also adhere to Client security standards.
What’s next
This page introduces security in Kianda. To read more about how levels of security are administered, please see the links below: