Kiuwan uses some of the most advanced technology for Internet security available today. Secure Socket Layer (SSL) technology protects your information using encryption and authentication server both of your computer and data between the data center, ensuring that your data in transit is safe, secure and available only to registered users in your organization.
Our servers are securely located in a state-of-the-art facility that is managed by Amazon, a premier provider of managed hosting and advanced connectivity solutions. Kiuwan has chosen Amazon because of their reputation for quality service and support as well as their unparalleled reputation for reliably posting many of the internet’s most trafficked Web Systems.
USER DATA PERSISTENCE
Users can decide to delete their account anytime. When an account is deleted, all associated data is deleted as well from the application.
Deleting an account in the application does not mean to unsubscribe from periodical email marketing communications. Users can always unsubscribe from these communications directly clicking the appropriate link in the received emails.
APPLICATION DATA PERSISTENCE
Kiuwan implements the following application analyses persistence policy:
An account that is active, at all times have access to its data.
The resultant details of the Service will kept stored until 3 months after the subscription has ended.
Analysis Data removed by user requests will be irretrievably deleted.
For trial accounts, the last three analyses are stored, and the above policies still apply.
SOURCE CODE PRIVACY
Kiuwan Service follows these procedures:
When analysis is run in Kiuwan site, source code uploaded by the user will be deleted after the analysis has been completed.
When analysis is run locally, source code will be kept local and will not be uploaded to Kiuwan site.
Exceptions to this behavior are the following:
The lines in which Kiuwan had detected a violation will be kept as part of the analysis results with the purpose of documenting the user where such violation has occurred. This behavior can be overridden by executing the analysis locally and configuring property dump.code = false in analyzer.properties configuration file.
In case a support issue is found, Kiuwan will keep affected source code for debugging and product enhancement purposes until the resolution of the issue. In case of using Local Analyzer, lines of affected source code will be uploaded, and the user can override this behavior by configuring property dump.code = false in analyzer.properties configuration file.
All perimeter doors require key card access and matching biometric palm or fingerprint scan. Visitors are only allowed escorted access to the data center and NOC on an as-needed basis. All internal doors leading to the data center also requires an additional card scan for access. Within the data center, all customer equipment is located in locked cabinets or cages.
PEOPLE AND ACCESS
Amazon Support maintains an account on all hosted systems and applications for the purposes of maintenance and support. In some cases, selected Kiuwan support engineers may also have access to hosted applications and data. Only employees with the highest clearance have access to application data and code. An authentication is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Kiuwan and from the Kiuwan virtual network (VPC) hosted in Amazon. Application data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer’s data and code without explicit knowledge of their login information.
In Addition to regular audits, including 3rd party application penetration testing, the Amazon facilities have undergone a successful SAS70 Type II audit. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in case of Amazon relates to operational performance and security to safeguard customer data.
Batabase backups are performed daily for Kiuwan Service, and maintained for a minimum of seven days.