ISO/IEC 27001 mandates specific requirements before an organisation can be certified compliant. They require that KLDiscovery:
- Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs.
- Conduct annual audits to ensure security compliance.
SOC 2® Certified
KLDiscovery has been independently audited for SOC 2 compliance to provide detailed information and assurances about the controls pertinent to the security of the systems we use to process clients’ data and the confidentiality and privacy of the information processed by these systems.
State-of-the-Art Information Security
Data in our possession is secured by some of the most advanced data security and disaster recovery technology available, including:
- Multi-zoned, segmented networks to ensure isolation of critical systems and data. All internet traffic transmitted over a firewall-to-firewall VPN.
- Role-based access controls to all systems and networks to ensure confidentiality. Access is regularly audited to ensure proper privilege levels for each employee.
- Redundancy across all critical systems to ensure availability. Backups performed every 15 minutes between primary and backup data centres.
- Annual third party penetration tests and monthly vulnerability scans.
Secure Data Centres
KLDiscovery’s data centres feature multiple layers of security and safety devices to protect the integrity of critical data, including 24x7 monitoring, redundant power and cooling systems, secured access requiring unique PIN or biometric reading and secure storage for media and evidence.
Global data centre locations:
- Austin, TX
- Eden Prairie, MN
- Brooklyn Park, MN
- Toronto, Canada
- Slough, England
- Dublin, Ireland
- Frankfurt, Germany
- Paris, France
- Tokyo, Japan
KLDiscovery adheres to a defence-in-depth strategy where preventative, detective, and reactive controls are deployed to monitor the systems environment. To that end, KLDiscovery maintains a wide range of security controls and tools across the technology stack, including:
- Penetration testing executed by a third party to provide an unbiased evaluation of the security posture of the application and infrastructure.
- Intrusion Detection (IDS) Technology to monitor and alert on malicious activity discovered in network traffic.
- Security Information and Event Monitoring (SIEM), which collects security events and logs from devices across the enterprise.
- Office 365 for monitoring and managing security across KLDiscovery accounts, data, devices, apps, and infrastructure.
- Anti-Virus/Malware Technology is deployed to all enterprise workstations and infrastructure. Daily virus scans, monthly security patch updates and expedited critical patches keep systems current.
- Predictive server management and monitoring enable early responses to potential hardware and application issues.