{"id":3862,"date":"2019-09-06T17:02:08","date_gmt":"2019-09-07T00:02:08","guid":{"rendered":"https:\/\/www.kintone.com\/us\/?page_id=3862"},"modified":"2024-06-10T08:03:29","modified_gmt":"2024-06-10T08:03:29","slug":"security","status":"publish","type":"page","link":"https:\/\/d2mzbk2zjjwglz.cloudfront.net\/us\/security\/","title":{"rendered":"Service Level Objective"},"content":{"rendered":"\n<\/span>\n

1. Availability and Reliability<\/a><\/p>\n

2. Data Encryption (In-Transit and At-Rest)<\/a><\/p>\n

3. CSIRT<\/a><\/p>\n

4. Vulnerability & Penetration Testing<\/a><\/p>\n

5. Product-Based Secure Access Features<\/a><\/p>\n

6. Security Assessment<\/a><\/p>\n<\/span>\n

7. Compliance<\/a><\/p>\n<\/span>\n\n\n\n

1.  Availability\nand Reliability<\/h2>\n\n\n\n

Kintone utilizes Amazon Web Services (AWS) hosting infrastructure. Our\nservices are geo-redundantly replicated across multiple availability zones for\nhigh availability and reliability.<\/p>\n\n\n\n

The availability of the main functions of kintone.com can be confirmed on the Status Page (https:\/\/status.kintone.com<\/a>).<\/p>\n\n\n\n

1.2 Operating Hours<\/h3>\n\n\n\n

Our platform operates 24 hours a day, 365 days a year (excluding\npre-announced maintenance), with regular backup and redundancy built-in.<\/p>\n\n\n\n

1.3 Scheduled Downtime<\/h3>\n\n\n\n

Sometimes we need to perform maintenance to keep kintone.com<\/a>\nworking smoothly. If scheduled downtime is necessary, we\u2019ll give you at least 1\nweek advance notice.<\/p>\n\n\n\n

1.4 Support<\/h3>\n\n\n\n

All customers with Eligible Products will receive the following support:<\/p>\n\n\n\n

Ticket support: Monitored 9:00 A.M. to 5:00 P.M PST. Monday \u2013 Friday, excluding these major US Holidays<\/a>. Tickets received outside of business hours will be sent to a mailbox, and necessary action will be taken the next working day.<\/p>\n\n\n\n

Contact Support: https:\/\/www.kintone.com\/us\/support\/<\/a><\/p>\n\n\n\n

Eligible Products are defined as:<\/p>\n\n\n\n

1. Paid Kintone.com subscription of $24 or $15\/user\/month<\/p>\n\n\n\n

2. Third party services purchased directly from Kintone Corporation<\/p>\n\n\n\n

3. Kintone Plug-ins are supported on a best effort basis. Please reference the Kintone Plug-in Terms of Use<\/a><\/p>\n\n\n\n

1.5 Data Backup<\/h3>\n\n\n\n

Data from the last 14-days are stored for system recovery. All files older than 14 days on Kintone rely on Amazon S3’s internal redundancy mechanism for recovery. This backup process is a countermeasure to unexpected server failure or major disasters and is not intended to serve as a recovery method in the event of data loss due to customer error.<\/p>\n\n\n\n

1.6 Data Deletion<\/h3>\n\n\n\n

All data stored within a customer account sub-domain shall be deleted upon the expiry of the retention period we separately determine.<\/p>\n

Back to Top<\/a><\/p>\n<\/span>\n\n\n\n

2. Data encryption in transit and at rest<\/h2>\n\n\n\n

Customer data stored at kintone.com is encrypted using AWS features. AWS\nRDS, S3, and so on.<\/p>\n\n\n\n

All data is encrypted as it moves between our servers and your web browser.
\nThe Kintone service is offered only with SSL connections, and provides optional\nIP address connectivity restrictions, 2-Factor Authentication.<\/p>\n

Back to Top<\/a><\/p>\n<\/span>\n\n\n\n

3. CSIRT<\/h2>\n\n\n\n

Cy-SIRT (Cybozu Computer Security Incident Response Team) is an in-house\nexpert security group created to prepare against and handle any Security\nincidents. Cy-SIRT helps create policies to protect against threats and\nresponds rapidly and in real-time to identify, contain, and eradicate threats\nas they arise.<\/p>\n

Back to Top<\/a><\/p>\n<\/span>\n\n\n\n

4. Vulnerability & Penetration Testing<\/h2>\n\n\n\n

Kintone has third-party vulnerability testing auditors such as Vulnerability Defense Laboratory perform vulnerability\/penetration audits on our platform on a semi-annual or as needed (when any major updates occur) basis.\u200b<\/p>\n\n\n\n

To see the all the testing reports, click here<\/a><\/p>\n\n\n\n

A penetration test simulates the actions of an external and\/or internal\ncyber attacker that aims to breach the information security of the\norganization.<\/p>\n\n\n\n

Found a security problem? Report it here.<\/a><\/p>\n

Back to Top<\/a><\/p>\n<\/span>\n\n\n\n

5. Product-Based Secure Access Features<\/h2>\n\n\n\n

Read the help documentation for details on each feature. https:\/\/get.kintone.help\/<\/a><\/p>\n\n\n\n

SAML<\/h3>\n\n\n\n

Security Assertion Markup Language (SAML) is an XML-based open standard data\nformat that links authentication information across several security domains.\nIf SAML Authentication is used, you can single sign-on into Kintone using the\nuser account that is registered in your company\u2019s Identity Provider (IdP). To\nuse Kintone as the Service Provider (SP) to link with SAML Authentication, an\nIdP that supports SAML 2.0 is needed.<\/p>\n\n\n\n

Two-factor authentication<\/h3>\n\n\n\n

Two-factor authentication is an added layer of security for your Kintone\naccount. This makes it more difficult for someone else to log in to your\naccount.<\/p>\n\n\n\n

IP address restrictions<\/h3>\n\n\n\n

Restricts access from IP addresses that are not listed.<\/p>\n\n\n\n

Login and Password Policies<\/h3>\n\n\n\n

Password settings<\/h4>\n\n\n\n

The following is a list of password settings that can be configured when\nsetting up a Kintone account.<\/p>\n\n\n\n