Device Management
Endpoint Detection & Response
Vulnerability Management
Kai
Liftoff
Prism
Migration Agent
Auto Apps
Passport
Compliance
Assignment Maps
Managed OS
Integrations
Mac
iPhone and iPad
Apple TV
Vision Pro
Financial Services
Technology
Artificial Intelligence
Marketing Agencies
Resources Hub
Kandji Blog
Customer Stories
Mac Admins Community
Security Details
MDM Comparison Guide
Customer Support
Product Updates
Kandji Status
Customer Login
Register a Deal
Become a Partner
Partner Portal
About Kandji
News & Press
Careers
Contact
Why Kandji?
SOC 2 Type II
Kandji’s successful completion of a SOC 2 Type 2 examination of related components and services ensures we maintain a robust set of security controls, policies, and practices. The AICPA’s SOC for Service Organizations Trust Services Criteria regularly validates these protocols through external audits.
Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
ISO 27001
Kandji has successfully completed the ISO 27001 certification. The ISO 27001 is the international standard to manage information security. This demonstrates that Kandji successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.
Our ISO 27001 certification is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
Secure development process
Kandji uses static (SAST) and dynamic analysis tools (DAST) to improve the security of our development process in the build pipeline. We evaluate source code and dependencies, then combine that evaluation with an analysis of exploitability trends and simple versioning as a function of our Secure-SDLC.
We institute change controls across production environments and security controls as best practices to continuously improve our capability-maturity model.
Regular Penetration Testing
Kandji’s environments and products are scanned for vulnerabilities monthly via a reputable third-party platform and daily internally across our development pipelines. External penetration tests are performed a minimum of 2 times per year by a qualified third-party firm.
The results of these scans and tests are integrated into our development workflow to be addressed based on criticality and our vulnerability management policy.
Vulnerability Disclosure / Bug Bounty
Kandji maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found.
Security Resources
Kandji maintains several additional online resources related to our policies, terms, and practices.