Skai Trust, Security and Compliance Center

Security, privacy, and operational excellence — built into everything we do.

Our Commitment to Trust

Trust is earned through action. At Skai, that means safeguarding customer data with strong security and privacy practices, and operating with certified standards and disciplined processes.

Here you’ll find an overview of the controls, certifications, and governance frameworks that support our commitment to security, compliance, and quality.

Privacy and Data Protection

Learn about Skai’s commitment to the privacy of our clients

Compliance and Certifications

Skai maintains industry-recognized certifications and compliance frameworks to ensure strong security, privacy, and operational quality across our business

Security & Data Protection

ISO/IEC 27001:2013

Skai has achieved certification of International Standards Organization(ISO)/International Electrotechnical Commission (IEC) 27001:2013, an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. Skai’s ISO 27001 certificate is available upon request and after execution of a non-disclosure agreement.

SOC 2 type 2

SOC 2 is a certification on the controls at a service organization. Skai’s SOC 2 report confirms Skai’s conformity to the trust principles of security, availability, and confidentiality set forth by the American Institute of Certified Public Accountants (AICPA). Skai’s SOC 2 report is available upon request and after execution of a non-disclosure agreement

Quality & Operational Excellence

ISO 9001:2015

Skai has achieved certification to the International Organization for Standardization (ISO) 9001:2015 standard, an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving a quality management system. Skai’s ISO 9001 certificate is available upon request and after execution of a non-disclosure agreement.

Security FAQ

Access Control

Customer Controlled

The customer retains full control of who has access and to what within the Skai application.

Complex Passwords

Skai applications require complex passwords by default.

SSO

Skai supports Security Assertion Markup Language 2.0 for customers that would like to use single sign on.

Multi Factor

Skai recommends the use of multi-factor authentication when using Skai applications.

Application Security

SDLC

Skai developers follow the Skai software development lifecycle when developing applications. Security is built into this process. Source code is manually and automatically reviewed before deployment to production systems.

Patch Management

Patch Management in the Skai application are patched on an on-going basis and prioritized by criticality of risk.

Penetration Testing

All Skai applications undergo penetration testing on a minimum an annual basis. Penetration tests are performed by a third party.

Web Application Firewall

Skai applications are protected against external attacks by the web application firewall.

Network Security

Architecture

Skai utilizes a hybrid cloud environment, using Amazon Web Services and a data center. Skai utilizes a hierarchical nework architecture and client instances are logically segregated from each other and split into front end, mediation, and back end subnets.

Firewalls, IDS/IPS

Skai deploys commercial grade firewalls, network intrusion/prevention systems, and malware protection to protect Skai applications and systems.

Load Balancers

Skai applications are load balanced and distributed across multiple regions to provide high availability and redundancy.

Vulnerability scanning

Vulnerability scanning is performed on all network and cloud servers and endpoints. Vulnerabilities are prioritized based on criticality and patched accordingly.

Incident Response

Incident Response Plan

In the instance of a potential security incident, Skai follows the processes and procedures laid out in the Skai Incident Management and Breach Notification procedure.

Logging/SIEM

All security events are centrally aggregated, with alerts generated on suspicious events.

24x7x365 SOC and NOC teams

Skai maintains an in-house information security team as well as 24x7x365 Network Operations Center. On top of this Skai utilizes a Managed Security Service Provider for 24x7x365 Security Operations Center coverage.

Business Continuity/Disaster Recovery

Business Continuity/Disaster Recovery Plans

Skai will follow the Skai Business Continuity and Disaster Recovery plan during a business continuity event/disaster.

Disaster Recovery Tests

Skai performs tests of its disaster recovery procedures on at least a quarterly basis.

Backups

Daily and weekly backups are retained for all systems depending on criticality

Data Disposal and Hardware Sanitization

Electronic media in a cloud environment shall be security disposed of by embedded cloud provider tools. On premise physical media that is no longer required shall be destroyed by shredding or incineration.

Physical Security

Data center/office security controls

Skai maintains physical security measures for the protection of all Skai offices and data centers. This includes but is not limited to:

Badge access
Mantraps
24 x 7 CCTV System
24 x 7 Security Guards

HR Security, Training and Awareness

Onboarding

Background checks are performed on all employees in countries where allowed.

Offboarding

Terminated employees have access to Skai systems revoked within 24 hours of termination.

Security Awareness Training

All Skai employees are required to complete security awareness training at hire and on an annual basis. This is completed through an online training portal.

Phishing Simulation Training

Skai employees periodically goes through phishing drills.

Data Security

Data Separation/Isolation

Client instances are physically and logically separated with each client having their own server. The platform is single tenant.

Encryption

At-rest

Sensitive data is encrypted/anonymized at rest within the database instance.

In-transit

Access to the Skai production network utilizes a VPN that is IPSec full tunnel mode

Third Party Security

Due Diligence

All 3rd parties are contractually obligated to maintain the same level of security or greater than Skai. Skai performs annual information security risk audits of all 3rd parties that have access to, transmit, or store Skai data or information systems.

Breach

All 3rd parties are contractually obligated to notify Skai of any data breaches that effect Skai data.

Keep your data secure with Skai

Our promise of data privacy, data transparency, and data security

Learn more

Responsible Disclosure

Specialists at Skai continuously work on the security and optimization of our systems, so that our clients can operate without any worries. Despite our best efforts, an unforeseen error or vulnerability may still occur in one of our services. Please report to us in this form or via email (skai-vulnerability-report@skai.io) the full details of the vulnerability found, the steps you have taken and where the vulnerability occurs.

Our specialists will immediately start working on your report and will respond to you as soon as possible. During the investigation, we ask you to handle your findings with discretion. We will of course keep you informed of what happens next.

I have read and agree to the terms of Skai’s Privacy Policy.

I agree that Skai can contact me about marketing events, product announcements, and services.