SECURITY
Kinduct views Privacy and Security as business issues, not compliance issues, providing a competitive business advantage, and ensuring the protection of Personal Information and other sensitive data.
Overview
At Kinduct, we value your data and privacy, and have gone to great lengths so that users of our Athlete Management System can trust our secure infrastructure to ensure the confidentiality, integrity and availability of data. We are proudly Privacy by Design certified as well as GDPR and HIPAA compliant. Privacy by Design ensures Kinduct’s privacy program not only adheres to compliance with regulatory frameworks, but integrates privacy assurance as the organization’s default mode of operation.
- Privacy Officer / Certified Information Privacy Manager (IAPP)
- Comprehensive Information Security Management System (ISMS) aligned to ISO 27001
- DDoS protection
- Web Application Firewall
- Monitoring systems
- Data Loss Prevention technologies
- Machine learning and AI software to detect and prevent cyber threats, including autonomous response to stop attacks within seconds
- Secure Software Development Life Cycle (S/SDLC)
- Vulnerability Management program
- Daily internal / external (pen testing) scans
- Continuous code quality and vulnerability checking
- Anti-malware protection, providing administration insight and alerting
- Full data lifecycle management, including data retention and destruction plans
Application Security
Our cloud-based platform offers multi-faceted security for its users.
- Configurable password requirements including length, complexity, expiration, and re-use limits
- Automated account lockout after a configurable number of attempts
- Multi-factor Authentication (MFA)
- In-depth roles / permissions system putting you in charge of who can see what data
- Athletes control access to who can see their ingested wearables data
- Web Application Firewall (WAF)
- AES-256 encryption in storage and in transit
- Audit trails
Privacy by Design
Kinduct is the first company in the industry to achieve a Privacy by Design (PbD) certification, based on an ISO-accredited assessment framework developed by KPMG. This is proof of Kinduct’s commitment to not only the security of customer data, but the privacy of individuals. The certification combines 30 assessment criteria and 94 illustrative privacy and security controls from global privacy and security requirements and standards, including EU GDPR, ISO/IEC 29100, ISO/IEC 27001, ENISA, GAPP, industry best practices and regulatory guidance. For more details on Privacy by Design, click here.
HIPAA Compliance
Kinduct has been independently assessed by KPMG to be HIPAA compliant, with the final report concluding “… that Kinduct has a mature Privacy and Security Program and is committed to continuously improve its program as regulations, standards, and best practices evolve. The Program includes a comprehensive Information Security Management System (ISMS), risk management process, mandatory annual security and privacy training, a Secure Software Development Life Cycle (S/SDLC), automated vulnerability management, an incident and breach management plan, and data retention and destruction procedures.”
For more details on our comprehensive privacy and security controls, please reach out to our Director of Information Security, Andrew Milne at andrew.milne@kinduct.com.
