Security at Kramah Software

At Kramah Software, we understand that safeguarding your data and ensuring the security of our platform is paramount. We have invested in robust security resources and controls to provide the highest level of protection for your information. Our commitment to security includes defining and enhancing controls, implementing our security framework, and facilitating compliance and risk management.

Our Security Objectives

Our security framework aligns with industry best practices in the Software as a Service (SaaS) sector. Our key security objectives are:

Customer Trust and Protection: Our top priority is delivering exceptional products and services while safeguarding the privacy and confidentiality of your data.

Information and Service Integrity: We employ stringent security controls to maintain the integrity of your data, preventing unauthorized access or misuse.

Availability and Continuity of Service: We ensure that our services and your data remain available to authorized users, proactively mitigating security risks.

Compliance with Standards: We adhere to global security standards, GDPR, ISO 9001:2015, ISO/IEC 27001:2013, and more, aligning our processes and controls with industry best practices.

The Kramah Promise

Kramah Software is unwavering in its commitment to complying with all applicable regulations and laws across the regions we serve. We acknowledge our responsibilities as both a data controller and processor, taking data integrity and security seriously.

Compliance Certifications

We uphold compliance with industry-accepted security and privacy frameworks through:

ISO/IEC 27001:2013 Certification: Kramah Software is ISO/IEC 27001:2013 certified, ensuring comprehensive information security management.

ISO 9001:2015 Certification: Kramah Software is ISO 9001:2015 certified, ensuring comprehensive information security management.

GDPR Compliance: Kramah Software adheres to GDPR standards, ensuring privacy and security for all users, regardless of location.

Privacy and Data Protection

Kramah Software respects data subject rights under applicable data protection laws. Data security is ingrained in our product development, operational processes, and organizational culture.

Cloud Security

We entrust leading cloud infrastructure providers, such as Amazon Web Services (AWS) and Microsoft Azure, with hosting our product infrastructure. These providers offer robust physical and network security measures and maintain compliance with industry standards.

Network Protection

Our network security includes cloud security services, Cloudflare edge protection networks, regular audits, and network intelligence technologies to detect and mitigate malicious activity.

Vulnerability Management

We employ comprehensive vulnerability scanning and third-party penetration testing to identify and address potential security risks.

Bug Bounty Program

Kramah Software encourages security researchers and customers to report vulnerabilities through our Bug Bounty Program, enhancing our security.

Encryption

Data in transit is encrypted using industry-standard HTTPS/TLS, and data at rest is secured with AES-256 key encryption, ensuring the confidentiality and integrity of your data.

Secure Development

Our Secure Development Lifecycle includes secure code training, regular reviews, and third-party penetration tests to address security threats effectively.

Host Security

We implement strong host security measures, including SSH keys, access restrictions, and role-based access controls.

Password Policy

We enforce a robust password policy to enhance data security.

Web Application Firewall (WAF)

Our dedicated WAF provides strong protection against web-based threats.

Credit Card Information Protection

We do not store or process credit card information, relying on PCI-compliant payment vendors for secure transactions.

Availability and Business Continuity

Our disaster recovery program ensures service availability and continuity during unforeseen events.

Administrative Operations

Access to administrative operations is restricted to authorized personnel, and access activities are logged and monitored.

Human Resources Security

We maintain security policies, offer security awareness training, and conduct background verifications for all employees.

Privacy and Data Security Resources

We provide a range of resources, including privacy policies and compliance documentation, to enhance transparency.

Cloud Security

Our cloud infrastructure providers maintain high-level physical and network security measures, enhancing our data protection capabilities.

Data Center Security

Data centers housing our infrastructure are certified for security and compliance.

Network Security

We employ advanced network security measures to protect against unauthorized access and threats.

Secure Development (SDLC)

Our Secure Development Lifecycle ensures that security is embedded in our development processes.

Quality Assurance (QA)

Our QA department reviews and tests our codebase for security.

Separate Environments

We maintain separate environments for development and testing, ensuring data security.

Application Security

Our security controls cover various aspects, from DDoS protection to web application firewalls.

Host Security

We implement strong host security measures to protect our servers and your data.

Password Policy

We enforce a robust password policy to enhance security.

Web Application Firewall (WAF)

Our dedicated WAF provides strong protection against web-based threats.

Credit Card Information Protection

We do not store or process credit card information, relying on PCI-compliant payment vendors for secure transactions.

Availability and Business Continuity

Our disaster recovery program ensures service availability and continuity during unforeseen events.

Administrative Operations

Access to administrative operations is restricted to authorized personnel, and access activities are logged and monitored.

Human Resources Security

We maintain security policies, offer security awareness training, and conduct background verifications for all employees.

For more information about Kramah Software’s commitment to security, please contact us.