Security Compliance

Khoros takes information security and compliance very seriously.

Our security controls and mechanisms are aligned with, and certified by, several industry standards.

ISO/IEC 27001

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

View Certificate

SOC 2

These reports are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization relevant to the security, availability, and processing integrity of the systems the service organization uses to process users' data, and to the confidentiality and privacy of the information processed by these systems.

Contact your Khoros Account team to request our SOC 2 Type II report.

TRUSTe

Companies that display the TRUSTe Certified Privacy seal have demonstrated that their privacy policies and practices meet the TRUSTe Enterprise Privacy & Data Governance Practices Assessment Criteria.

View Certificate

TRUSTe APEC Processor

Companies that display the APEC Processor seal have demonstrated that their activities as a Personal Information Processor meet the APEC Privacy Recognition for Processors Program Requirements.

View Certificate

PCI DSS

The PCI Security Standards Council’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

Contact your Khoros Account team to request our PCI DSS documentation.

Security Operations

Khoros protects all sensitive customer information by implementing operational policies and procedures, including proactive monitoring, encryption at rest and in transit, vulnerability management, intrusion detection and prevention, and data retention and destruction policies.

Business Continuity and Disaster Recovery

Khoros uses AWS as its hosting platform, which allows our services to remain resilient globally even if one location goes down. AWS spans multiple geographic regions and availability zones.

Secure Application Development

Khoros has robust processes in place to ensure that security is tightly integrated within our products.

Risk Management

Khoros maintains a documented risk management program with an owner responsible for maintaining the document and for the annual review of security risks. In-depth risk analyses are performed for all critical systems. Results are documented in a central tracking system, and findings are remediated accordingly. Risk assessments are conducted at least annually.

Physical Security

Khoros products are hosted on Amazon Web Services (AWS) in the United States, Ireland* and Australia*. Physical and environmental controls are specifically outlined in AWS's Security Whitepaper. Additionally, AWS supports ISO 27001, SOC 2 Type II, FedRAMP and FISMA certification, which require best practices in physical and environmental controls.

Third Party Vendor Management

Khoros engages third-party vendors to provide services to you more effectively. Where those organizations may affect Khoros' security posture, we take appropriate steps to ensure security is maintained by establishing contractual agreements that require the service organizations to adhere to requirements laid out by Khoros. To review the list of our sub-service organizations, please visit https://khoros.com/khoros-subprocessors.

Incident Response

Khoros has established policies and procedures (also known as runbooks) for responding to potential security incidents. All incidents are managed by Khoros' dedicated Security Incident Response Team.