Last updated on December 22nd, 2023 at 1:36pm
Kion is committed to meeting the highest standards of security, availability, processing integrity, confidentiality, and customer data privacy. In addition, our product offers capabilities to help those looking to meet similar requirements across their cloud environment:
- Kion is a self-hosted solution that has been deployed within some of the most secure cloud environments.
- Our security control matrices, mapped to industry standards like HIPAA, PCI-DSS, and FedRAMP, help reduce audit prep time.
- Our 8,000+ built-in compliance checks make it easy to adhere to best practices like CIS, NIST CSF, PCI, 800-53, and 800-171.
In this post, we summarize the internal activities and external recognition that illustrate our commitment.
Robust Internal Controls and Monitoring
Kion performs continuous monitoring across our environments to validate the security of our data, infrastructure, network, and product.
To identify and address vulnerabilities and ensure that our software and organization remain resilient against evolving cyber threats, we undergo regular security and compliance audits and penetration testing, performed both internally and by certified third-party consultants.
In addition to these internal activities, Kion has received numerous accreditations and certifications from third-party organizations that validate our capabilities and security posture.
Compliance Aligned with Global Standards
SOC 2
A System and Organization Controls (SOC) 2 examination is a report on controls at an organization that are relevant to security, availability, processing integrity, confidentiality, or privacy. Kion has successfully undergone an audit process and earned its SOC 2 Type 1 attestation. Our full SOC 2 Type 1 audit report is available to customers and prospects under NDA upon request. To request a copy and get additional details on Kion’s current security compliance status and Corporate Security Policies, visit our Trust Center.
CSA STAR
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. The CSA STAR Self-Assessment helps users assess the security of cloud providers they are using or evaluating. STAR Self-Assessments are updated annually.
Kion has achieved CSA's STAR Level 1.
Partner and Industry Recognition
AWS Partner Program
Kion has been a long-term member of the AWS partner program. We’ve achieved the following competencies from AWS, distinctions awarded to AWS partners with validated solutions and deep technical expertise in key cloud disciplines:
- Security
- Cloud Operations
- Government
Kion is a member of the AWS Public Sector Partner and Global Security & Compliance Acceleration (ATO on AWS) partner programs.
In addition, Kion has achieved the following AWS Service Validations:
- Amazon Linux Ready Product
- AWS Control Tower Ready
Higher Education
HECVAT
Kion has completed the Higher Education Community Vendor Assessment Tool (HECVAT) created by EDUCAUSE's Higher Education Information Security Council (HEISC) in collaboration with Internet2 and the REN-ISAC. The HECVAT questionnaire is specifically designed to help higher education institutions measure vendor risk. Our completed assessment can be requested via the REN-ISAC index.
Internet2 NET+ Program
Kion is the sole cloud management provider within the Internet2 NET+ Cloud Service portfolio, offering support across identity and access management, financials, and compliance. During our service evaluation, Kion was vetted by over 10 higher education institutions that found the company to be well positioned to satisfy the cloud services needs of the research and education community. Through this collaboration with Internet2, Kion provides our solution to cloud-first research and education organizations, including Internet2’s 400+ member institutions, offering the added benefits of streamlined procurement, evaluation documentation, and preferred pricing.
Federal and State/Local Programs
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Because Kion is hosted within a customer's cloud service provider’s environment (vs a SaaS delivery model), FedRAMP certification does not apply to the Kion solution. Instead, Kion typically resides as a solution on a customer’s General Support Services (GSS) System Security Plan (SSP) and gets accredited at the level of the cloud environment.
We have customers that use Kion in environments governed by various compliance regimes including HIPAA, FedRAMP Moderate, and FedRAMP High. Additionally, Kion helps customers partially satisfy certain technical security controls, making it easier to obtain an authorization to operate (ATO) in the cloud.
StateRAMP
StateRAMP is essentially FedRAMP but for state and local governments. However, unlike FedRAMP, StateRAMP is not officially affiliated with the US government; it is a registered 501(c)(6) nonprofit membership organization with a voluntary program.
StateRAMP’s requirements around NIST 800-53; 3PAO Audits; Low, Moderate, and High Impact Levels; and continuous monitoring largely overlap with FedRAMP requirements. Given this overlap and the fact that Kion is hosted within a customer's cloud service provider’s environment (vs a SaaS delivery model), StateRAMP certification does not apply to the Kion solution.
Conclusion
We value the trust placed in Kion by our customers and partners. We’re dedicated to keeping this trust by adhering to the highest standards across security, availability, processing integrity, confidentiality, and data privacy. If you have questions regarding our security and compliance practices, please contact our team.