Kronos Private Cloud (KPC) Security

Infrastructure Services Security

Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA's SSAE16 (i.e., SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3). For added security, Kronos staff utilize two-factor authentication when accessing the infrastructure. This authentication technology helps mitigate a number of security risks associated with logging into the infrastructure system.

The Kronos Private Cloud (KPC) is located in a third-party data center that also undergoes an independent examination in accordance with the AICPA's SSAE16 standard. Colocation services consist of physical and environmental protection services. The facility perimeter is equipped with surveillance cameras and a 24-hour guard station to monitor access. Network traffic to VLANs in the KPC is regulated via redundant, next-generation firewalls that limit access to authorized management and customer traffic.

Kronos Management Access

Management access to the KPC is limited to authorized Kronos support staff and customer-authorized integrations. The security architecture has been designed to control appropriate logical access to the KPC to meet the Trust Services Criteria and Principles established by the AICPA. A centralized secure file transfer solution facilitates data transfers between the customer and KPC. This solution provides encrypted transmission and logging of all files transferred into or out of a customer environment.

Customer Access and Application Configuration

Customers access the KPC via encrypted SSL sessions. The Applications provide the customer with the ability to configure application security and logical access per the customer's business processes.

For further information, please refer to the Kronos SOC 3 report.