There is no room for missteps when it comes to security.
Given the nature of our business, we are entrusted with large amounts of sensitive and confidential information by our clients and understand that security is increasingly imperative for today’s corporations. We invest significant time and money to protect your most sensitive electronically stored information.
ISO/IEC 27001 mandates specific requirements before an organisation can be certified compliant. It requires that KLDiscovery:
- Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts.
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment.
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs.
- Conduct annual audits to ensure security compliance.
EU-US and Swiss-US Privacy Shield Compliant
The EU-US and Swiss-US Privacy Shield Frameworks are an important way for U.S. companies to avoid interruptions in their business dealings: they provide a compliant mechanism to transfer personal data to the US under EU and Swiss privacy laws.
KLDiscovery adheres to both the EU-US and Swiss-US Privacy Shield Frameworks developed by the US Department of Commerce, the European Commission and the Swiss Government.
State-of-the-Art Information Security
Data in our possession is secured by some of the most advanced data security and disaster recovery technology available, including:
- Multi-zoned, segmented networks to ensure isolation of critical systems and data. All internet traffic transmitted over a firewall-to-firewall VPN.
- Role-based access controls to all systems and networks to ensure confidentiality. Access is regularly audited to ensure proper privilege levels for each employee.
- Redundancy across all critical systems to ensure availability. Backups performed every 15 minutes between primary and backup data centres.
- Annual third-party penetration tests and monthly vulnerability scans.
Secure Data Centres
KLDiscovery’s data centres feature multiple layers of security and safety devices to protect the integrity of critical data, including 24x7 monitoring, redundant power and cooling systems, secured access requiring unique PIN or biometric reading and secure storage for media and evidence.
Global data centre locations:
- Slough, England
- Dublin, Ireland
- Frankfurt, Germany
- Toronto, Ontario
- Paris, France
- Austin, TX
- Eden Prairie, MN
- Brooklyn Park, MN
- Tokyo, Japan
* Other locations also available through the Microsoft Azure Cloud.
KLDiscovery adheres to a defence-in-depth strategy where preventative, detective, and reactive controls are deployed to monitor the systems environment. To that end, KLDiscovery maintains a wide range of security controls and tools across the technology stack, including:
- Penetration testing executed by a third party to provide an unbiased evaluation of the security posture of the application and infrastructure.
- Intrusion Detection (IDS) Technology to monitor and alert on malicious activity discovered in network traffic.
- Security Information and Event Monitoring (SIEM), which collects security events and logs from devices across the enterprise.
- Office 365 for monitoring and managing security across KLDiscovery accounts, data, devices, apps, and infrastructure.
- Anti-Virus/Malware Technology is deployed to all enterprise workstations and infrastructure. Daily virus scans, monthly security patch updates and expedited critical patches keep systems current.
- Predictive server management and monitoring enable early responses to potential hardware and application issues.