Military Grade Security

KruptoConnect delivers a quality solution while maintaining the confidentiality, integrity, availability and privacy of sensitive data that’s critical to your business and ours.

Network Security

AWS provides a strong foundation of security and compliance which we supplement by employing industry standard network security controls designed to protect Customer Data, including, but not limited to, the following:

We have implemented and maintain a host-based intrusion detection system and network-based intrusion detection system designed to alert us in the event of suspicious activity.

We use HTTPS/TLS with AES-256 encryption to secure connections between browsers, mobile apps, and other components and KruptoConnect, and we also add an additional layer of AES-256 encryption on the socket connection to our platform. This gives a dual layer of cryptography securing the communication.

Transmission or exchange of Customer Data with you and any third parties authorized by you to receive the Customer Data will be conducted using secure methods (e.g., TLS, HTTPS, SFTP).

We encrypt call recordings by default. KruptoConnect generates a customer-specific, per-recording encryption key that is used to secure each call recording. Chat sessions are encrypted in transit.

We use industry standard methods to support encryption. We use a minimum of RSA 2048 bits for asymmetric key encryption. For symmetric key encryption, we use AES 128 bits. For hashing, we use SHA1 and SHA2.

User Access Control

We have implemented and maintain appropriate access controls and the concept of least privilege designed to ensure only authorized users have access to Customer Data within KruptoConnect. User access is logged for audit purposes.

Your User Access (Managed by Us)

As KruptoConnect is a managed service, we help you manage the whole application and create users, extensions and assign respective access control. You define the usernames, roles, and password characteristics (length, complexity, and expiration timeframe) for your users.

Our User Access

We will create individual user accounts for each of our employees or contractors that have a business need to access the KruptoConnect production environment. The following guidelines apply to our user account management:

  • User accounts are requested and authorized by our management.
  • User accounts follow the concept of least privilege.
  • Dormant or unused accounts are disabled after 90 days of non-use.
  • Session time-outs are systematically enforced.
  • User accounts are promptly disabled upon employee termination or role transfer, eliminating a valid business need for access.

Security Awareness and Training

We have implemented and maintain an information security and awareness program that is delivered to employees and appropriate contractors at the time of hire or contract commencement and annually thereafter. The awareness program is delivered electronically and includes a testing aspect with minimum requirements to pass. Additionally, development staff members are provided with secure code development training.

Policies And Procedures

We maintain policies and procedures to support the information security program. Policies and procedures are reviewed annually and updated as necessary.

Change Management

We utilize a change management process based on industry standards to ensure that all changes are appropriately reviewed, tested, and approved.

Data Storage And Backup

We create backups of critical Customer Data according to documented backup procedures. Backup data will not be stored on portable media.

Vulnerability Testing

We conduct internal vulnerability scanning on a regular basis with automated scans, and we carry out a penetration testing engagement at least annually.

Data Destruction

We follow AWS standard practices for the destruction of Customer Data that becomes obsolete or is no longer required under the Agreement.

Code Review

Applications running within KruptoConnect were developed and are maintained utilizing industry standard secure coding practices and unit testing.

Business Continuity and Disaster Recovery

KruptoConnect is deployed and configured in a redundant infrastructure through AWS. Data repositories in KruptoConnect use redundancy and replication designed to maintain availability and avoid data loss in the event of a lost data node.

High Availability

KruptoConnect utilizes AWS services to provide highly available environments, including, but not limited to, the following:

  • Availability Zones (AZs) which consist of one or more discrete data centers, each with redundant power, networking and connectivity, and housed in separate facilities;
  • Auto Scaling Groups (ASGs) to dynamically scale clusters based on demand and automatically launch replacement instances in the event of a failure.
  • AWS Elastic Load Balancers (ELBs) to route internal and external traffic to healthy infrastructure and automatically reroute traffic away from unhealthy infrastructure;
  • Durable message queueing systems that support request queuing and point-to-multipoint notifications. Message queues allow us to both load-balance requests/events and handle load bursts without data loss; and
  • Amazon Simple Storage Service (S3). S3 stores objects redundantly on multiple devices across multiple facilities in an Amazon S3 Region. Amazon aims to deliver eleven 9’s of durability.

Security Incident Response

We maintain a Security Incident response program based on industry standards designed to identify and respond to suspected and actual Security Incidents involving Customer Data. “Security Incident” means a confirmed event resulting in the unauthorized use, deletion, modification, disclosure, or access to Customer Data.

Notifications

In the event of a confirmed Security Incident involving the unauthorized release or disclosure of Customer Data or other security event requiring notification under applicable law, we will notify you within seventy-two (72) hours and will reasonably cooperate so that you can make any required notifications about such event, unless we are specifically requested by law enforcement or a court order not to do so.

Notification Details

  • the date that the Security Incident was identified and confirmed;
  • the nature and impact of the Security Incident;
  • actions already taken by us;
  • corrective measures to be taken; and
  • evaluation of alternatives and next steps.

Ongoing Communications

We will continue providing appropriate status reports to you regarding the resolution of the Security Incident, continually work in good faith to correct the Security Incident and to prevent future such Security Incidents. We will cooperate, as reasonably requested by you, to further investigate and resolve the Security Incident.

Privacy

We have developed and will maintain a privacy program designed to respect and protect Customer Data under our control. We will not rent, sell or otherwise share any Customer Data with outside parties.

Industry Specific Certifications

Our security and operational controls are based on industry standard practices and are designed to meet ISO 9001, HIPAA, PCI Service Provider Level 1, and SSAE16 Service Organization Control (SOC) guidelines.

KruptoConnect utilizes infrastructure deployed on Amazon Web Services (AWS). AWS provides the following letters of compliance and/or certification: ISM, ASD, ISO 9001:2008, ISO 27001:2013, ISO 27018:2014, ISO 27017:2015, Multi-Tier Cloud Security Standard Level-3 (CSP) Certification. AWS also undergoes frequent SOC 3 audits. A copy of the certifications and audit reports for AWS are available on the AWS website at http://aws.amazon.com/compliance/published-certifications.

In summary, our Customers are solely responsible for achieving and maintaining any industry specific certifications required for their business (e.g., PCI DSS, HIPAA, GLBA, NIST 800-53, FedRAMP, etc.).

Availability

We know that organizations rely on their contact center to be available always. When customers are reaching out for assistance or information, call center availability is critical.

To help realize this, KruptoConnect cloud contact center lives in multiple availability regions in tier 4 data centers and uses active/active redundancy on AWS Cloud Platform. This means not only is your contact center replicated, but redundant backups are active, routinely tested, and ready to failover in an instant. KruptoConnect is a reliable contact center designed for ease of use and ease of mind.

10 Max Number of Availability Zones

KruptoConnect Services exist on a minimum of two redundant AWS availability zones. Fiber networks bridge together availability zones within the same region for low latency and fault tolerance.

24/7 Round the Clock Monitoring

In the event of a failure in any one of the Services, the service is automatically migrated to another server. Our operations staff gets to work performing triage with Amazon Web Services staff to ensure continued availability of all contact center services.
