Kustomer Receives ISO 27001 Certification for Information Security Management


Here at Kustomer we understand the importance our clients place on their data, and that is why we consider keeping it safe one of our biggest priorities. We architected the Kustomer platform from the beginning to deliver secure, reliable, continuously available applications, where the privacy of our customers’ data is always protected. The way we do that is through our continued commitment to security and privacy. Our latest addition to our list of compliances and certifications is the international standard on Information Security Management, ISO/IEC 27001.

What Does This Mean?

Being certified attests that Kustomer has security policies and controls in place for information and data management that are in alignment with the ISO/IEC 27001:2013 standard and specifications for an information security management system (ISMS). But what this really means is that we at Kustomer have invested the time, effort, and resources into growing and improving upon how we protect our clients’ data, as well as committed to continuous improvement of our information security program.

Scope of Coverage Statement

Kustomer ISMS scope is bound by the management, development, operations, maintenance, and delivery of The Kustomer Platform, which is centrally managed out of Kustomer’s NYC-based headquarters. In addition, an Infrastructure-as-a-Service (IaaS) Data Center provider is used for protecting the infrastructure that runs all of the services offered in the IaaS. Kustomer’s security controls for managing the IaaS environment are included in the scope, with the exception of the physical and environmental controls.

All clients of Kustomer using in-scope products or services are covered by this certification at no extra cost.

Additional Information

While each of these compliance standards is critical, and conveys our effectiveness at protecting the data of our current and future customers, they are steps in a continuous journey to earn and maintain trust. It is a journey that we take seriously, knowing it has no end, and we are excited to celebrate each significant compliance milestone with the entire Kustomer community.

For additional information or questions around compliance, security, or privacy at Kustomer, or if you wish to obtain a copy of our ISO certification, do not hesitate to reach out to security@kustomer.com. We are proud of the emphasis we place on security and privacy at our company and look forward to sharing future announcements and updates that reflect this.
 

Kustomer Keeps Client Data Safe, Secure and Private

Recently, Kustomer was referenced in the New York Times. In almost all circumstances that would be a good thing for a fast-growing startup. But in this case, it was not. The New York Times article was not about how Kustomer is revolutionizing customer service. It was not about our commitment and singular mission of helping businesses treat their customers better, and our fast growth since 2015. It was about consumer value scores and our use of data. We felt this issue is such an important one that it required clarification.

Kustomer does not develop, generate or provide consumer value scores based on client data. Kustomer. Does. Not. Do. Consumer. Scoring. We don’t sell any personal data we come in contact with, use it for our internal business purposes, or aggregate or share it across our clients.

As an enterprise SaaS software solution that powers the customer experience of today’s best brands across the globe, we take seriously the value of the data that may be placed in our hands by our clients. It is true that in the course of using the Kustomer platform, our clients will necessarily store data of their customers. Our only role when it comes to that data is to help our clients deliver a standout service experience while keeping that data private and secure.

We know our clients take the data privacy and security practices of their vendors seriously. Various data privacy laws require it and their reputations depend on it. We are vetted regularly around the strength of our privacy and security controls.

To provide independent validation of our security practices and controls for safeguarding client data and to ensure that our clients meet their regulatory and compliance requirements, we have sought and achieved compliance for GDPR, HIPAA, SOC2 Type 1, and EU-US and Swiss-US Data Privacy Shield.

We have built robust logging, auditing, monitoring, and data encryption capabilities into the platform. We have also adopted industry best practices for security controls and processes throughout the many layers of the application environment and software development lifecycle. This has included strict endpoint management, extensive employee security awareness training, and comprehensive vulnerability management with regular 3rd-party penetration testing and code reviews.

Using third-party service providers and data processors is an essential part of any business’s operations, and data privacy laws for years have contemplated this reality. It’s disappointing that individuals were led to believe that Kustomer compiles information and creates some type of consumer value score or uses their personal data without consent. Instead, we are helping our clients perform an essential business function, which is to help them deliver exceptional customer service.

We honor the trust that customers place in our clients’ hands, and are committed to keeping those relationships strong, meaningful — and private.
