In the KanbanBOX team, we maintain a strong focus on the security and reliability of the applications we provide, and
the infrastructure they are hosted within.
We ensure they are compliant with relevant standards like ISO27001, and with applicable laws like GDPR.
You, as our customer, manage the user accounts and the data within your accounts, and remain responsible for ensuring that your
organization uses our applications in a compliant way.
Overall, the security of your data is a joint responsibility: an effort in which you and we work as a team.
In this document, we explain our shared responsibility model around information security.
Responsibility model
The following table summarizes who, between you and us, is responsible for each area:
Responsibility Area | KanbanBOX | Customer |
---|---|---|
Devices (PCs, Mobile, Printers) | ✓ | |
Data and Information | ✓ | ✓ |
User accounts | ✓ | ✓ |
Applications | ✓ | |
Host Infrastructure | ✓ | |
Customer's responsibilities
Client device security
You are responsible for the security of your devices, and especially for keeping the device OS, browser and mobile applications updated to the latest version.
Shared responsibilities
Data and Information
We are responsible for:
- encrypting your data at rest and in transit between our systems
- performing regular system-level data backups, which include your data
- notifying you in the event we become aware of a data breach affecting your data
You are responsible for:
- the data and information you upload in the KanbanBOX application, and with which suppliers and customers you share them
- ensuring that the data you upload is compliant
- the security of data transmission when configuring an integration with an external system outside our infrastructure
User accounts
We are responsible for:
- Developing security features inside KanbanBOX that empower you to manage your users effectively
- Providing strong authentication options, such as Multi-Factor Authentication, Single Sign-On, Identity Management delegation, and IP address restrictions
You are responsible for:
- Creating, updating and deleting user accounts
- Providing each user account with the most suitable access role
- Implementing strong authentication options
- Conducting regular access reviews
- Monitoring your organization's user accounts for malicious access or usage
KanbanBOX's responsibilities
Applications
We are responsible for securing the application itself, including implementing security patches and preventing common vulnerabilities. We regularly conduct penetration testing and vulnerability assessment activities with independent third-party cyber-security advisors.
Host Infrastructure
We are responsible for securing the underlying infrastructure, including data centers, network, and hardware. We regularly conduct network vulnerability assessment activities with independent third-party cyber-security advisors.