Information Protection at Kazoo
Kazoo’s security controls and procedures keep you in control of your data so that it is both accessible and secure.
Cyber Risk Governance
Kazoo has adopted the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) as its risk-based framework for Information Security. Our controls are designed to meet requirements for System and Organization Controls (SOC) reporting, leveraging NIST and International Organization for Standardization (ISO) 27001. Kazoo’s commitment to safeguarding and protecting customer information is reflected in security-focused leadership within the organization.
Additionally, our company has achieved a SOC 2 attestation, governed by the American Institute of CPAs (AICPA). The SOC 2 examination, performed by an independent accounting firm, demonstrates Kazoo’s ability to meet the AICPA Trust Services Category for Security and its dedication to protecting customer information by adhering to the industry standards available.
Security and Privacy Awareness Training
An integral part of safeguarding customer information is our focus on promoting a healthy culture of security and privacy awareness throughout Kazoo by educating employees on the safe handling of information. Our mandatory annual training is also provided to all new hires as part of Kazoo’s Human Resources onboarding process.
Data Security Safeguards
Customer information is encrypted during transmission and at rest, in the production environment and in backups, using industry-standard protocols. The Kazoo platform is securely designed to provide customers with various features (e.g., Single Sign-On) to configure the logical security of their users’ environment in accordance with customer security policies.
Customer information is backed up daily and resides on a secure, access-controlled, and redundant infrastructure to prevent single points of failure. The Kazoo platform monitors for failures and recovers failed components, including the underlying application and database systems. Kazoo’s physical infrastructure is hosted and managed within the secure data centers of Amazon Web Services (AWS). AWS’ state-of-the-art data centers have successfully achieved various certifications and attestations that demonstrate compliance with the highest industry standards.
Compliance with data protection laws and regulations
Kazoo’s Data Privacy Program is aligned with GDPR compliance requirements and monitors the data protection landscape across various relevant jurisdictions, as well as laws at the national and state levels. We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Our service is regularly audited to ensure compliance with relevant laws and regulations.