Krista Software Compliance and Security Policies

To help you with compliance and reporting, Krista Software shares information, best practices, access to certification information, and some policy documentation. Our organization regularly undergoes verification of security, privacy, and compliance controls, achieving certifications per global standards to earn and keep your trust. If you have questions regarding our policies, please email us at krista@kristasoft.com.

Krista Software is concerned with safeguarding your information. We employ reasonable physical, technological, and administrative security measures intended to safeguard and help prevent unauthorized access to sensitive information. However, no method of transmission over the Internet or electronic storage method is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on the website in the most expedient time possible and without unreasonable delay, insofar as consistent with (I) the legitimate needs of law enforcement or (II) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Refer to Krista Software Privacy Policy at https://kristasoft.com/privacy-policy/.

In an untoward event, all security issues discovered during assessments would be mitigated based on the following risk levels. Remediation validation testing would be required to validate the fixes and mitigation strategies for any discovered issue of medium risk level or greater.

(I) High – Any high-risk issue would be fixed immediately, or other mitigation strategies must be put in place to limit exposure. Applications with high-risk issues are subject to being taken offline or denied external release.

(II) Medium – Medium risk issues would be reviewed to determine what is required to mitigate and would be scheduled accordingly. Applications with medium risk issues may be taken off-line or denied external release, based on:

  • The total number of issues.
  • The associated risk reaching an unacceptable level.

Issues would be fixed in a subsequent release unless other mitigation strategies limit exposure.

(III) Low – Issues would be reviewed to determine what is required to correct them and scheduled accordingly.

ISO/IEC 27001:2013

Krista Software is certified ISO/IEC 27001:2013. This certification validates our compliance with international security standards. The accreditation demonstrates our commitment to protecting the confidentiality, integrity, and availability of our customers’ data.

Krista Software’s approach to information security is based on the ISO/IEC 27001:2013 standard. We have implemented a comprehensive set of security controls to protect our customers’ data, which are reviewed and updated regularly to ensure that they remain effective.

Krista Software’s ISO/IEC 27001:2013 certification is your assurance that we take information security seriously and are committed to protecting your data. You can find Krista Software’s ISO/IEC 27001 certificate here.

SOC 2

Krista Software has achieved SOC 2 Type II compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. Achieving this standard with an unqualified opinion serves as third-party industry validation that Krista Software provides enterprise-level security for customers’ data secured in the Krista Software system.

Krista Software was audited by Prescient Assurance, a leader in security and compliance attestation for B2B SaaS companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.

An unqualified opinion on a SOC 2 Type II audit report demonstrates that Krista Software manages its data with the highest standard of enterprise security and compliance.
