Penetration testing executed by a third party to provide an unbiased evaluation of the security posture of the application and infrastructure.
Security & Compliance
There is no room for missteps when it comes to security.
Given the nature of our business, we are entrusted with large amounts of sensitive and confidential information by our clients and understand that security is increasingly imperative for today’s corporations. We invest significant time and money to protect your most sensitive ESI.
Because security is a core principle guiding every decision we make, we built the Trust Center to reflect that commitment. KLDiscovery’s Trust Center combines robust security measures with secure, transparent access to essential documentation. Explore the Trust Center at Trust.KLDiscovery.com.
ISO/IEC 27001 Certified
ISO/IEC 27001 mandates specific requirements before an organization can be certified compliant. They require that KLDiscovery:
SOC 2® Certified
KLDiscovery has been independently audited for SOC 2 compliance to provide detailed information and assurances about the controls pertinent to the security of the systems we use to process clients’ data and the confidentiality and privacy of the information processed by these systems.
HIPAA Security Rule Compliance
KLDiscovery has completed an independent audit resulting in a certification of compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which also covers the Health Information Technology for Economic and Clinical Health Act (HITECH).
HIPAA sets a national standard for the protection of consumers’ Protected Health Information (PHI) and electronic Protected Health Information (ePHI) by mandating risk management best practices and physical, administrative, and technical safeguards. The goal of the HIPAA Security Rule is to ensure the security, confidentiality, integrity, and availability of ePHI by protecting against threats and unpermitted disclosures and by ensuring workforce compliance.
Accreditation under the Data Privacy Framework Program (known as the “DPF”)
The EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
The DPF program is administered by the International Trade Administration (“ITA”) within the U.S. Department of Commerce. Once an organization certifies to the ITA and publicly declares its commitment to adhere to the DPF Principles, that commitment is enforceable under U.S. law.
KLDiscovery is accredited with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and publicly commits to comply with the DPF Principles. To learn more about the DPF, its data protection requirements and to view our certification, please visit:
https://www.dataprivacyframework.gov/.
State-of-the-art Information Security
Data in our possession is secured by some of the most advanced data security and disaster recovery technology available, including:
Secure Data Centers
KLDiscovery’s data centers feature multiple layers of security and safety devices to protect the integrity of critical data, including 24x7 monitoring, redundant power and cooling systems, secured access requiring unique PIN or biometric reading, and secure storage for media and evidence. Global data center locations:
* Other locations also available through the Microsoft Azure Cloud.
Technical Security
KLDiscovery adheres to a defense-in-depth strategy where preventative, detective, and reactive controls are deployed to monitor the systems environment. To that end, KLDiscovery maintains a wide range of security controls and tools across the technology stack, including:
Intrusion Detection (IDS) Technology to monitor and alert on malicious activity discovered in network traffic.
Security Information and Event Monitoring (SIEM), which collects security events and logs from devices across the enterprise.
Office 365 for monitoring and managing security across KLDiscovery accounts, data, devices, apps, and infrastructure.
Anti-Virus/Malware Technology is deployed to all enterprise workstations and infrastructure. Daily virus scans, monthly security patch updates and expedited critical patches keep systems current.
Predictive server management and monitoring enable early responses to potential hardware and application issues.