K2 Cloud information security system

Information security management system

K2 Integration (“K2”) has also implemented an information security management system (ISMS) covering K2 Cloud. The ISMS defines information security policies and procedures to minimize potential risks, establishes and controls the secure software development processes and update installation rules, and governs the response to security events and incidents. K2 Cloud security specialists monitor and improve the established ISMS processes and ensure compliance.

K2 Cloud ISMS meets the practical Russian and international information security standards and the Russian data protection laws and is subject to regular independent security audits.

Availability Zones

K2 Cloud resides in three geographically distributed K2-owned data centers located in Moscow at the following addresses:

  • 5 block 6, 2nd Entuziastov St., Moscow, 111024, Russian Federation;

  • 5 block 1, Volochaevskaya St., Moscow, 111033, Russian Federation;

  • 5 block 2, Volochaevskaya St., Moscow, 111033, Russian Federation.

In each data center, the infrastructure dedicated to K2 Cloud is called an availability zone. All the availability zones are isolated from hardware and software failures that may occur in other zones. Hosting applications in several zones at once ensures the high availability of the deployed systems and minimizes the risk of data loss.

You can host your resources in the following availability zones:

  • ru-msk-comp1p;

  • ru-msk-vol51;

  • ru-msk-vol52.

Employee training and awareness improvement

K2 Cloud maintenance specialists regularly receive advanced training. The adopted personnel management and training processes allow K2 Cloud to monitor and ensure:

  • staff recruitment, including definition and check of required skills;

  • identification of staff training tasks;

  • training for new employees (onboarding);

  • regular training and skill assessment;

  • experience sharing, mentoring and coaching;

  • motivation.

The awareness of the employees involved in the K2 Cloud development and maintenance is improved through:

  • mandatory informing of all the specialists about new vulnerabilities and emerging threats following the established information security rules;

  • mandatory annual training for all the specialists in secure development rules and basics;

  • constant exchange of experience with coaches and experts, and mentoring.

In addition, K2 Cloud operation staff regularly attends external training courses, technical conferences, and seminars.

Asset inventory and utilization

K2 Cloud has adopted a regulated procedure for inventorying assets, including assets used to process client data. Formalized rules define how information and the assets used to process data may be handled and what their acceptable uses are, and these rules are regularly communicated to the parties concerned.

The assets are classified in compliance with the effective legislation of the Russian Federation, taking into consideration the value of the information and negative consequences that might occur in case of its loss, unauthorized alteration or disclosure.

The information processed in K2 Cloud shall be protected, regardless of its type, accumulation method or material media. Tags can be used to classify and label cloud resources.

Unusable information media are decommissioned and disposed of in compliance with the adopted rules. As part of the dismissal procedure, employees shall return all the corporate assets in their possession, and their access to information systems and IT services is terminated automatically.

Supply chain protection from attacks

We have adopted and regularly monitor a supply chain management process. Responsible employees of K2 Cloud regularly check that suppliers fulfil their obligations competently and on time. Non-disclosure agreements have been concluded with all the service suppliers, and they have been informed about the established information security requirements and rules.

Data disclosure to third parties

K2 Cloud does not disclose client details to third parties unless required by the effective legislation of the Russian Federation or by the provisions of the agreement concluded with the customer.

In all cases, K2 Cloud does its best to forward all third parties’ requests to the customer.