K2 understands how critical it is for our customer’s applications and data to be secure no matter where they run. We utilize a rigorous program of third-party audits to ensure cloud security and compliance across a number of industry standards.
ISO 27001:2013 is a well-known set of international standards relating to the secure management of information, particularly in a cloud-based environment. The K2 Cloud Platform has been independently verified to meet all ISO 27001:2013 standards for cloud security and information management.
SSAE 16 Service Organization Control 2 (SOC2), reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy performed by the AICPA as a third-party audit. A SOC2 Type II report is not a state in time audit but a full review of performance to defined policies and processes looking backward over the past year. It provides a detailed review, by an independent audit firm, of K2 Cloud’s security, availability, and confidentiality controls. K2 Cloud also operates within SOC2 attested Azure datacenters to ensure that all services are independently evaluated and the proper controls are utilized.
Government Cloud (G-Cloud) is a UK government initiative to ease procurement of cloud services by government departments and promote government-wide adoption of cloud computing. G-Cloud comprises a series of framework agreements with cloud services suppliers, and a listing of their services in an online store—the Digital Marketplace. This enables public-sector organizations to compare and procure those services without having to do their own full review process. Inclusion in the Digital Marketplace requires a self-attestation of compliance, followed by a verification performed by the Government Digital Service (GDS) branch at its discretion. The Crown Commercial Service (CCS) is focused on providing commercial services to the public sector by working with both departments and organizations across the whole of the sector to ensure maximum value is extracted from every commercial relationship and improve the quality of service delivery. K2 Cloud is compliant with the G-Cloud Framework. K2 Cloud’s G-Cloud certification can be found in the gov.uk Digital Marketplace
In highly regulated industries, like the life sciences industry, K2 helps companies build applications that comply with federal regulations, including Code of Federal Regulations Title 21 (CFR 21 Part 11). CFR 21 Part 11 defines regulatory compliance standards for electronic records, documents and signatures, and the way in which they are managed. For more information see the K2 and CFR 21 Part 11 datasheet.