At Knowa we take the security and privacy of our users’ data very seriously, and for good reason. We are constantly monitoring and improving Knowa to meet the growing demands and challenges of security and cybercrime. Every person and team using our service expects their data to be secure and confidential, and we have gone to extensive measures to protect it. As a rule we prefer not to expose too much information about our security practices; however, we understand that security is very important to our customers, so we have decided to share the following information. We hope you find it useful.
Taking Security Seriously
Data Encryption
All user data is protected with FIPS 140-2 certified AES 256-bit encryption, both at rest and in transit. Encrypting the data protects it from unauthorised modification and man-in-the-middle attacks. For data in transit we use TLS 1.3 with 256-bit cipher suites, utilising both the ECDSA and RSA signature algorithms.
Server Security
Our hosting environment is fully redundant, with disaster recovery procedures in place. Our cloud hosting providers maintain multiple certifications for their data centres and comply with international regulatory standards including ISO 27001, ISO 27018, SOC 2 (SSAE 16), PCI DSS, FedRAMP and HIPAA.
Our servers are located in London, Cardiff and Dublin, and are continuously backed up.
People and Access
The privacy of your data is a big deal to us, and it is in Knowa’s interest to reassure users that there will never be unauthorised access. Without exception, no one (no employee, contractor or partner of Knowa) will have access to any account and user data or communications stored on the Knowa platform.
Where support is required, specific data and communications will be accessed only with explicit signed authorisation from an account owner. In such an event the access will be carried out by a named person, or set of named persons, within Knowa support.
Logging and Monitoring
All login and server access to account and user information is logged in real time to a permanent, immutable record. These logs can be requested for auditing at any time by account owners and administrators, so you can always verify that no unauthorised access has taken place.
We continuously monitor event logs, notifications and alerts from all our systems in order to prevent threats.
Development & Testing
The Knowa development team employs the latest secure coding techniques and best practices and adheres to the NCSC SaaS Security Principles. All developers are formally trained in secure web application development practices.
Development, testing and production environments are kept separate. All changes are peer reviewed and logged for performance and audit purposes before deployment into the production environment.
Our code and front-end application are regularly tested for vulnerabilities by a third-party, CREST-certified penetration testing firm. The results of these tests can be requested for review by Knowa clients.
User Access & User Security
Access to content within Knowa is defined and managed by the authorised administrators of each organisation and workspace. Every grant and revocation of access to content is logged within Knowa workspaces for transparency, to help users adhere to governance policies and to provide a clear audit trail for compliance purposes.
Users must use strong, longer passwords, and two-factor authentication is encouraged to maintain user security.
Custom Governance Controls
Custom governance controls can be applied to content shared on Knowa, including document retention, disposition policies and legal holds.
