System & Security
If you're interested in learning more about Knowledge Anywhere's security policies you can download the "Frequently Asked Security Questions" document below.
The document answers the following questions:
- What are Knowledge Anywhere’s data security policies?
- Can I have a copy of Knowledge Anywhere’s security policy, or at least that part of it which applies to the hosted solution?
- What software development processes does Knowledge Anywhere use to ensure that software products that are part of the solution are free of security defects?
- Would Knowledge Anywhere clients ever have occasion to log on to hosted infrastructure systems in any way while using a Knowledge Anywhere solution or product?
- How quickly would Knowledge Anywhere inform a client if a security incident or data exposure occurred? What steps would be taken to mitigate any damage to clients if such an incident occurred?
- What steps would Knowledge Anywhere take to mitigate any damage to the client if such a vulnerability were discovered?
- Are the data centers used as part of Knowledge Anywhere solutions ISO 27001 certified? If any payment card data is involved are the data centers also PCI DSS certified?
- Are any third-parties or subcontractors involved in the provision of a Knowledge Anywhere solution either as hosting providers, software providers, service providers, or in any other way? If so, how does Knowledge Anywhere ensure that these third parties or subcontractors cannot negatively affect the security level of the solution?
- Are Knowledge Anywhere employees aware of their obligation to maintain the confidentiality of all customer data? How is this documented? Are your business partners aware of their obligation to maintain the confidentiality of all customer data?
- What does Knowledge Anywhere do to protect against information security breaches by highly privileged insiders, such as inappropriate access to data by a system administrator?
- Will Knowledge Anywhere allow the client or its agents to carry out information security and data protection audits of a hosted solution? Will clients also be able to carry out such audits on Knowledge Anywhere sub-contractors? For example, audits for penetration tests against your hosted solution and software, security processes as they relate to the solution, software development process, and technical and organization processes as they relate to the solution.
- Will client data be protected by encryption both in transit and at rest?
- Is Knowledge Anywhere prepared to assist a client to produce its data as necessary for litigation (E-Discovery)?
- How do Knowledge Anywhere system administrators enforce the principle of least privilege? Do any administrators have unrestricted access to customer data or the systems and networks used to process the data?
- Do Knowledge Anywhere solutions comply with all applicable national and international data protection laws and regulations?
- Are Knowledge Anywhere employees aware of their responsibilities under applicable national and international data protection laws and regulations?
- Are Knowledge Anywhere solutions entirely hosted in the United States including hosting, storage of backups, and disaster recovery? If not, where is it hosted?