Konfirmity Pte Ltd Trust Center

Compliance

ISO 27001:2022

HIPAA

SOC2 TYPE II

TRM

GDPR

Resources

No resource present!

Controls

App Security

Code Analysis
Secure Development Practices
Web Application Firewall

Data Security

Access Monitoring
Backups
Encryption

Access Control

Data Access
Logging
Password Security

Endpoint Security

Disk Encryption
MDM
Threat Detection

Network Security

Real time security and events management
Zero Trust

Corporate Security

Email protection
Employee Training
Incident Response

Security Grades

CryptCheck
HSTS Preload List
Qualys SSL Labs

Infrastructure

Cloud Infrastructure Provider
Anti DDoS
Business Continuity and Disaster Recovery

Reports

Pen Test Report
Architecture Diagram
Certifications

Product Security

Audit Logging
Integrations
Security Contact

App Security

Code Analysis

Our development team periodically performs code analysis for any vulnerabilities and we use static analysis tools to detect any potential security vulnerabilities in the source code. We follow a strict TAT to resolve security issues in our code.

Secure Development Practices

We follow secure coding standards, and perform regular code reviews to minimize security risks.

Web Application Firewall

We employ a Web Application Firewall that guarantees a strong line of defense against malicious attacks like SQL Injection and cross-site scripting. The firewall also protects us from bots and DDoS attacks.

https://www.konfirmity.com/privacy-policy

https://www.konfirmity.com/terms

Subprocessors

We strictly monitor and control the subprocessors to ensure data security and privacy. We do quarterly reviews for our vendors and the list of subprocessors can be found at

https://security.konfirmity.com/?tab=subprocessors

Data Processing Agreement

We have a robust data processing agreement in place that complies with data protection laws and regulations.

Data Security

Access Monitoring

We diligently monitor data access and every access is logged and audited for anomalous activities.

Backups

Data backups are performed daily to ensure business continuity and to protect against data loss.

Encryption

All data, both at rest and in transit, is encrypted using industry-standard encryption algorithms.

Physical Security

We use AWS for hosting, and their data centres employ industry-standard safety and security procedures.

Access Control

Data Access

We ensure that data access is granted only to authorized personnel and it is based on the principle of least privilege.

Logging

All activities are logged for audit and review purposes.

Password Security

We use Google and Microsoft logins for SSO with an additional support for password-less sign-ins. Hence, do not need password based restrtictions.

Endpoint Security

Disk Encryption

All our devices have full disk encryption enabled.

MDM

We use Mobile Device Management (MDM) solutions to manage and secure company-owned devices.

Threat Detection

We have advanced threat detection solutions in place capable of detecting suspicious activities.

Network Security

Real time security and events management

We use a SIEM system for real-time analysis of security alerts.

Zero Trust

We employ a Zero Trust Model across our company that makes sure every access request is authenticated.

Corporate Security

Email protection

We have email protection measures in place such as anti-phishing and anti-malware.

Employee Training

All our employees undergo annual cybersecurity training to ensure they are aware of the latest threats and best practices.

Incident Response

We have an incident response process in place that provides guidance on handling any potential security incidents.

Internal Assessments

We conduct regular internal security and compliance audits.

User Account Protection

We inherit MFA from our SSO providers. If a user has enabled MFA on Google Workspace or Microsoft 365 account, they will also have to use the same MFA to log onto Konfirmity.

Penetration Testing

Regular penetration testing is performed by external cybersecurity vendors.

Security Grades

CryptCheck

https://cryptcheck.fr/https/konfirmity.com

HSTS Preload List

https://hstspreload.org/?domain=konfirmity.com

Qualys SSL Labs

https://www.ssllabs.com/ssltest/analyze.html?d=konfirmity.com

Security Headers

https://securityheaders.com/?q=konfirmity.com&followRedirects=on

Infrastructure

Cloud Infrastructure Provider

Our secure, scalable cloud infrastructure is hosted by the industry-leading provider, AWS.

Anti DDoS

We have anti-DDoS measures in place to mitigate any potential DDoS attacks using AWS Firewall.

Business Continuity and Disaster Recovery

We have a robust business continuity and disaster recovery plan to ensure service availability.

Infrastructure Security

Our infrastructure is designed with multiple layers of protection to protect our systems and data.

Separation between Production and non-production

We have strict policies that separate our production and non-production environments.

Reports

Pen Test Report

Periodic penetration testing reports are generated which demonstrate our ongoing commitment to security.

Architecture Diagram

Our security architecture diagram is part of our comprehensive security documentation.

Certifications

We comply with various industry security standards and are in the process of obtaining several security certifications.

Product Security

Audit Logging

All user activities within our product are logged for auditing purposes.

Integrations

We carefully review all integrations to ensure they meet our high standards for security and privacy.

Security Contact

For any security related concerns, customers can directly get in touch with our security team.

Multi Factor Authentication

Our product offers multi-factor authentication to enhance account security.

Role Based Access Control

Access to sensitive data and systems is controlled based on user roles within the organization.

SSO support

We provide SSO support for seamless and secure user experience. Our SSO providers are Google and Microsoft.

Policy

VULNERABILITY SUMMARY

Report Title

Product/Website Concerned

CVSS(4.0) Score

None

CVSS:4.0/AC:L/AT:N/AV:N/PR:N/SA:N/SC:N/SI:N/UI:N/VA:N/VC:N/VI:N

Exploitability Metrics

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact

Confidentiality (VC)

Integrity (VI)

Availability (VA)

Subsequent System Impact

Confidentiality (SC)

Integrity (SI)

Availability (SA)

REPORTER INFORMATION

Your Name

Your Mail

Your PGP public key

TECHNICAL DETAILS

Endpoint

Vulnerable Part

Part Name

Payload

Technical Environment

Technical Details

Upload Files

I agree with

By submitting a report, security researcher warrants that the report and any attachments do not violate the intellectual property rights of any third party and the security researcher assigns free of charge to the receiving company who accepts all intellectual property rights.