SOC 2 Type II
Kandji’s successful completion of a SOC 2 Type 2 examination of related components and services ensures we maintain a robust set of security controls, policies, and practices. The AICPA’s SOC for Service Organizations Trust Services Criteria regularly validates these protocols through external audits.
Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
Secure development process
Kandji uses static (SAST) and dynamic analysis tools (DAST) to improve the security of our development process in the build pipeline. We evaluate source code and dependencies, then combine that evaluation with an analysis of exploitability trends and simple versioning as a function of our Secure-SDLC.
We institute change controls across production environments and security controls as best practices to continuously improve our capability-maturity model.
Regular Penetration Testing
Kandji’s environments and products are scanned for vulnerabilities monthly via a reputable third-party platform and daily internally across our development pipelines. External penetration tests are performed a minimum of 2 times per year by a qualified third-party firm.
The results of these scans and tests are integrated into our development workflow to be addressed based on criticality and our vulnerability management policy.
Vulnerability Disclosure / Bug Bounty
Kandji maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found.
Kandji maintains several additional online resources related to our policies, terms, and practices.