Security at Kaleido
The security of Blockchain is a major benefit of the technology and Kaleido looks at security as a pillar of our business. We take security seriously at Kaleido. We use Secure Development practices in developing Kaleido services and select secure settings in configuring cloud environments. We regularly assess risks to our environment and our customers’ data. We continue to make substantial investments to assure the confidentiality, integrity, and availability of Kaleido services.
Audits and Certifications
Kaleido’s SOC-2 Type II Report was issued by A-lign, an independent and accredited certification based in the United States upon successful completion of a formal audit process. Kaleido was assessed for Security, Availability and Confidentiality. Copies of our SOC-2 Type II Report are available, upon request, to customers with a current non-disclosure agreement with Kaleido.
ISO/IEC 27001:2013 and 27017/27018
Kaleido is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization for our Information Security Management System. Compliance with this internationally recognized standard confirms that Kaleido’s security management program is comprehensive and follows leading practices, including controls from the ISO 27017 Cloud Services and 27018 Protection of Personally Identifiable Information in Public Clouds frameworks.
Kaleido’s certification was issued by A-lign, an independent and accredited certification body based in the United States upon successful completion of a formal audit process. This certification is evidence that Kaleido has met rigorous international standards in ensuring the confidentiality, integrity, and availability of its Blockchain Business Cloud.
Third Party Infrastructure
The infrastructure used by Kaleido to host the Kaleido services is provided by world-class third-party providers, Amazon Web Services (AWS) and Microsoft Azure (Azure). The physical architectures hosted by these providers are located in the United States, Europe, and Asia with multiple Availability Zones in each Region. Kaleido customers may select the Regions for their nodes. The AWS and Azure infrastructures put strong safeguards in place to protect customer data in highly-secure data centers.
AWS and Azure cloud services are compliant with SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27107, ISO 27018, PCI DSS (plus many additional international regulations and controls) and complete multiple independent security audits annually. Information about security and privacy-related audits and certifications is available from the AWS and Azure Compliance sites.
Kaleido conducts formal Information Security Risk Assessments at least annually and assesses risks on a less-formal basis regularly.
The Executive Leadership Team and other key personnel participate in the annual Risk Assessment process. This process considers the likelihood, impact, and velocity of threats, identifies controls and risk mitigation strategies, and assesses the extent to which risks have been managed. Where residual risk has not been reduced to an acceptable level, additional mitigation strategies are considered and objectives for implementing improvements are adopted.
Management, Monitoring, and Continuous Improvement
Kaleido executive management views security as a pillar of our business and has made achieving compliance with security standards and frameworks a high priority. We designed our Information Security Management System to comply with ISO 27001 and, more importantly, to help support the objectives of our company.
We established an Information Security Steering Committee, that includes all members of our Executive Leadership Team, to monitor progress and ensure needed improvements receive management focus.
If you require more information, including a copy of Kaleido's SOC 2, Type II attestation, please contact us.