<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

K2 Certifications and Compliance

~~repeating-content.html~~

K2 Certifications and Compliance

K2 understands how critical it is for our customer’s applications and data to be secure no matter where they run. We utilize a rigorous program of third-party audits to ensure cloud security and compliance across a number of industry standards.

ISO 27001 certified
K2 Certifications and Compliance

K2 understands how critical it is for our customer’s applications and data to be secure no matter where they run. We utilize a rigorous program of third-party audits to ensure cloud security and compliance across a number of industry standards.

ISO 27001 certified
ISO 27001:2013

ISO 27001:2013 is a well-known set of international standards relating to the secure management of information, particularly in a cloud-based environment. The K2 Cloud Platform has been independently verified to meet all ISO 27001:2013 standards for cloud security and information management.

ISO 27001 certified
SOC2 Type II

SSAE 16 Service Organization Control 2 (SOC2), reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy performed by the AICPA as a third-party audit. A SOC2 Type II report is not a state in time audit but a full review of performance to defined policies and processes looking backward over the past year. It provides a detailed review, by an independent audit firm, of K2 Cloud’s security, availability, and confidentiality controls. K2 Cloud also operates within SOC2 attested Azure datacenters to ensure that all services are independently evaluated and the proper controls are utilized.

ISO 27001 certified
SOC3 

The SOC 3 Report, just like SOC 2, is based upon the Trust Service Principles and performed under AT101, the difference being that a SOC 3 Report can be freely distributed (general use) and only reports on if the entity has achieved the Trust Services criteria or not (no description of tests and results or opinion on the description of the system). The lack of a detailed report requires that a SOC 3 be performed as a Type II, unlike SOC 1 and SOC 2 where there is a Type I option. SOC 3 reports can be issued on one or multiple Trust Services principles (security, availability, processing integrity, confidentiality and privacy) and allow the organization to place a seal on its website upon successful completion.