ISO/IEC 27001 mandates specific requirements before an organisation can be certified compliant. They require that KLDiscovery:
- Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs.
- Conduct annual audits to ensure security compliance.
SOC 2® Certified
KLDiscovery has been independently audited for SOC 2 compliance to provide detailed information and assurances about the controls pertinent to the security of the systems we use to process clients’ data and the confidentiality and privacy of the information processed by these systems.
Accreditation under the EU-US and Swiss-US Privacy Shield Frameworks
KLDiscovery is accredited with the U.S. Department of Commerce under the EU–U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. Although we will not base personal data transfers from the EU or from Switzerland to the USA on the basis of the Privacy Shield Frameworks, we will still adhere to the obligations under the EU-U.S. and Swiss-US Privacy Shield Frameworks.
Following the decision of the Court of Justice of the European Union on 16July, 2020, declaring personal data transfers based on EU-U.S. Privacy Shield invalid, the U.S. Department of Commerce has stated that it will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List.
To learn more about the Privacy Shield program, its data protection requirements and to view our certification, please visit https://www.privacyshield.gov/.
State-of-the-Art Information Security
Data in our possession is secured by some of the most advanced data security and disaster recovery technology available, including:
- Multi-zoned, segmented networks to ensure isolation of critical systems and data. All internet traffic transmitted over a firewall-to-firewall VPN.
- Role-based access controls to all systems and networks to ensure confidentiality. Access is regularly audited to ensure proper privilege levels for each employee.
- Redundancy across all critical systems to ensure availability. Backups performed every 15 minutes between primary and backup data centres.
- Annual third party penetration tests and monthly vulnerability scans.
Secure Data Centers
KLDiscovery’s data centres feature multiple layers of security and safety devices to protect the integrity of critical data, including 24x7 monitoring, redundant power and cooling systems, secured access requiring unique PIN or biometric reading and secure storage for media and evidence.
Global data centre locations:
- Austin, TX
- Eden Prairie, MN
- Brooklyn Park, MN
- Toronto, Canada
- Slough, England
- Dublin, Ireland
- Frankfurt, Germany
- Paris, France
- Tokyo, Japan
KLDiscovery adheres to a defence-in-depth strategy where preventative, detective, and reactive controls are deployed to monitor the systems environment. To that end, KLDiscovery maintains a wide range of security controls and tools across the technology stack, including:
- Penetration testing executed by a third party to provide an unbiased evaluation of the security posture of the application and infrastructure.
- Intrusion Detection (IDS) Technology to monitor and alert on malicious activity discovered in network traffic.
- Security Information and Event Monitoring (SIEM), which collects security events and logs from devices across the enterprise.
- Office 365 for monitoring and managing security across KLDiscovery accounts, data, devices, apps, and infrastructure.
- Anti-Virus/Malware Technology is deployed to all enterprise workstations and infrastructure. Daily virus scans, monthly security patch updates and expedited critical patches keep systems current.
- Predictive server management and monitoring enable early responses to potential hardware and application issues.