Security

Customer trust and data security are critical to everything we do at KitchenDEV.

We take the security of your data very seriously.

Compliance Certifications and Regulations

Our software is proudly hosted with the cloud provider DigitalOcean. Below are the certifications held by DigitalOcean. KitchenDEV is also committed to GDPR compliance.

ISO/IEC 27001:2013 Certification

By achieving compliance with this globally recognized information security controls framework, audited by a third party, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. That commitment doesn’t end with a compliance framework but is a necessary baseline for security.

EU-U.S. and Swiss-U.S. Privacy Shield Certification

Compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce and the European Commission. The framework provides a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

EU General Data Protection Regulation

KitchenDEV is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

Read KitchenDEV’s GDPR Policy

Permissions

We enable permission levels within the software to be set for your team members. KitchenDEV’s Cabinet Pricing & Ordering Software allows you to configure custom permissions for every single page, as well as define which actions, such as editing and deleting, each user can complete within a page.

Password and Credential Storage

KitchenDEV’s Cabinet Pricing & Ordering Software enforces a password complexity standard, and credentials are stored using a password-hashing function (bcrypt).

Data Hosting and Storage

KitchenDEV services and data are hosted in DigitalOcean data center facilities in the USA.

Failover and DR

Cabinet Pricing & Ordering Software was built with disaster recovery in mind. All of our infrastructure and data are spread across DigitalOcean availability zones and will continue to work should any one of those data centers fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Back-Ups and Monitoring

All actions taken in the Cabinet Pricing & Ordering app are logged. We create daily database backups.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job.

We have strong password policies to ensure access to cloud services is protected.

Encryption

All data sent to or from KitchenDEV is encrypted in transit using 256-bit encryption.

Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

Incident Response

KitchenDEV implements a protocol for handling security events that includes escalation procedures, rapid mitigation and post-mortem review. All employees are informed of our policies.

Training

All KitchenDEV employees complete Security and Awareness training annually.

Policies

KitchenDEV has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

KitchenDEV performs background checks on all new employees in accordance with laws. The background check includes employment verification and criminal checks for employees.

Confidentiality

All employee contracts include a confidentiality agreement.

PCI Obligations

All payments made to KitchenDEV go through WePay. Details about their security setup and PCI compliance can be found on the WePay security page.

Data Center Colocation Attestations and Certifications

All of DigitalOcean’s data centers are independently audited and/or certified against various internationally recognized attestation and certification compliance standards.

Below is the list of DigitalOcean data centers and the associated most commonly requested attestations/certifications. To request an NDA for a SOC report/certificate listed below, or if you have any other compliance-related questions, please contact DigitalOcean.

Data Security

Physical Security

DigitalOcean data centers are co-located with some of the most respected datacenter facility providers in the world. They leverage all of the capabilities of these providers, including physical security and environmental controls, to secure their infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by DigitalOcean datacenter facilities include but are not limited to:

  • 24/7 Physical security guard services
  • Physical entry restrictions to the property and the facility
  • Physical entry restrictions to DigitalOcean’s co-located datacenter within the facility
  • Full CCTV coverage externally and internally for the facility
  • Biometric readers with two-factor authentication
  • Facilities are unmarked so as not to draw attention from the outside
  • Battery and generator backup
  • Generator fuel carrier redundancy
  • Secure loading zones for delivery of equipment

Infrastructure Security

DigitalOcean’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function, utilizing the principle of least privilege. All access to the ingress points is closely monitored and is subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to log in. DigitalOcean considers any system which houses customer data that they collect or systems that house the data customers store with them to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

Access Logging

Systems controlling the management network at DigitalOcean log to their centralized logging environment to allow for performance and security monitoring. DigitalOcean logging includes system actions as well as the logins and commands issued by system administrators.

Security Monitoring

DigitalOcean’s Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within the infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following their incident reporting and response procedures.

Droplet Security & Employee Access

The security and data integrity of customer Droplets is of the utmost importance at DigitalOcean. As a result, technical support staff does not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams of DigitalOcean have direct access to the backend hypervisors based on their role.

Snapshot and Backup Security

Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within DigitalOcean data centers for security and compliance purposes.

Security questions or issues?

If you think you may have found a security vulnerability, please contact us. Learn more about KitchenDEV Security by reading our Terms of Service and GDPR Policy.