Your employee information is secure and available always


From storing, transferring, accessing, backing up, monitoring, to testing & reviewing our security procedures, every aspect is covered to meet industry best practice standards.

Data Privacy and Data Access

Our success hinges on providing a safe and trustworthy environment for your subscription data. Protecting your data is our obsession, which involves a cross-functional approach with initiatives big and small. Here’s an overview of the major themes of our privacy and security protocols.

Keka leverages Microsoft Azure and Amazon AWS cloud infrastructure, each with its own private network. We do not use any other local or on-premise infrastructure to store any customer information on our development or test environments.

Keka maintains compliance with the EU’s General Data Protection Regulation and maintains product features, corporate protocols, and legal documents to help our users and customers comply.

Application security

Sessions between you and your portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.

Keka monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the Keka platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.

Keka implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices. Our secure coding practices are in accordance with OWASP guidance.

Datacenter Protections

Keka products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

Keka’s patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

Keka’s security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Keka tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.

Keka leverages third-party penetration testing firms several times a year to test the Keka products and product infrastructure.

Keka conducts regular external audits and certification.

Resiliency and Availability

Keka’s availability is consistently above 99.9%. Customer data is 100% backed up to multiple online replicas with additional snapshots.

Our product and operations teams monitor application, software, and infrastructure behavior using proprietary and industry-recognized solutions.

Keka maintains multiple failover instances to prevent outages from single points of failure.

Keka has robust controls in place to recover data and application code in the shortest time. The Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for data are 12 hours and 1 hour 35 mins, respectively. We have 35-day point-in-time restoration, which allows us to restore to any desired date and time within the last 35 days.
