Built for the compliance file.
Procurement, security, and audit teams are first-class citizens of every Kleio engagement. This is the documentation surface that shows up during diligence.
Let all things be done decently and in order.
Standards we operate against.
Audited annually since 2021. Continuous monitoring.
Information security and privacy management systems.
BAA-ready. Production deployments since 2019.
Data-residency options across US, EU, UK.
Reference architectures for moderate workloads.
Tokenization, vaulting and audit trail patterns.
How an engagement is run.
Every engagement opens with a written architectural decision record. You keep the document.
Standard MSA with named-team continuity, IP ownership, and exit clauses written in plain English.
$5M E&O · $5M Cyber · $2M General. Certificates on request.
SLO performance, spend vs. plan, risk register. Reviewed with your CFO and CTO.
The unsexy infrastructure of trust.
SSO via SAML/OIDC. Hardware-backed second factor required for production. Quarterly access reviews, evidenced.
Tenant isolation by default. Encryption at rest (AES-256) and in transit (TLS 1.3). Data residency options across US, EU, UK.
Continuous SCA + SAST + DAST. Annual penetration tests by an independent firm. Patch SLAs aligned to CVSS.
24/7 on-call. Defined severity matrix. Customer notification within 24 hours of a confirmed material incident.
Subprocessors reviewed quarterly. Public list maintained. SCCs and DPAs available.
RTO 4 h, RPO 15 min for managed-platform engagements. Quarterly DR exercises.