Skai Information Security and Privacy Center

At Skai, the security and privacy of your information are our utmost priority. These are some of the measures we’re taking to keep your information safe.

Trust

Skai believes that trust is the foundation of any successful business partnership. Of key importance to building and retaining that trust is Skai’s duty to protect the security and privacy of our customers’ data. The Skai Information Security & Privacy center aims to provide prospective and current customers with an overview of Skai’s information security and privacy standards, practices, and the ways Skai will protect your data.

Privacy and Data Protection

Learn about Skai’s commitment to the privacy of our clients

Compliance and Certifications

ISO/IEC 27001:2013

Skai has achieved certification to International Standards Organization (ISO)/International Electrotechnical Commission (IEC) 27001:2013, an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. Skai’s ISO 27001 certificate is available upon request and after execution of a non-disclosure agreement.

SOC 2 Type 2

SOC 2 is a certification on the controls at a service organization. Skai’s SOC 2 report confirms Skai’s conformity to the trust principles of security, availability, and confidentiality set forth by the American Institute of Certified Public Accountants (AICPA). Skai’s SOC 2 report is available upon request and after execution of a non-disclosure agreement.

Security FAQ

Access Control

Customer Controlled
The customer retains full control of who has access and to what within the Skai application.
Complex Passwords
Skai applications require complex passwords by default.
SSO
Skai supports Security Assertion Markup Language 2.0 for customers that would like to use single sign-on.
Multi-Factor
Skai recommends the use of multi-factor authentication when using Skai applications.

Application Security

SDLC
Skai developers follow the Skai software development lifecycle when developing applications. Security is built into this process. Source code is manually and automatically reviewed before deployment to production systems.
Patch Management
The Skai application is patched on an ongoing basis, with patches prioritized by criticality of risk.
Penetration Testing
All Skai applications undergo penetration testing at minimum on an annual basis. Penetration tests are performed by a third party.
Web Application Firewall
Skai applications are protected against external attacks by the web application firewall.

Network Security

Architecture
Skai utilizes a hybrid cloud environment, using Amazon Web Services and a data center. Skai utilizes a hierarchical network architecture, and client instances are logically segregated from each other and split into front end, mediation, and back end subnets.
Firewalls, IDS/IPS
Skai deploys commercial grade firewalls, network intrusion detection/prevention systems, and malware protection to protect Skai applications and systems.
Load Balancers
Skai applications are load balanced and distributed across multiple regions to provide high availability and redundancy.
Vulnerability scanning
Vulnerability scanning is performed on all network and cloud servers and endpoints. Vulnerabilities are prioritized based on criticality and patched accordingly.

Incident Response

Incident Response Plan
In the instance of a potential security incident, Skai follows the processes and procedures laid out in the Skai Incident Management and Breach Notification procedure.
Logging/SIEM
All security events are centrally aggregated, with alerts generated on suspicious events.
24x7x365 SOC and NOC teams
Skai maintains an in-house information security team as well as a 24x7x365 Network Operations Center. On top of this, Skai utilizes a Managed Security Service Provider for 24x7x365 Security Operations Center coverage.

Business Continuity/Disaster Recovery

Business Continuity/Disaster Recovery Plans
Skai will follow the Skai Business Continuity and Disaster Recovery plan during a business continuity event/disaster.
Disaster Recovery Tests
Skai performs tests of its disaster recovery procedures on at least a quarterly basis.
Backups
Daily and weekly backups are retained for all systems depending on criticality.
Data Disposal and Hardware Sanitization
Electronic media in a cloud environment shall be securely disposed of by embedded cloud provider tools. On-premises physical media that is no longer required shall be destroyed by shredding or incineration.

Physical Security

Data center/office security controls
Skai maintains physical security measures for the protection of all Skai offices and data centers. This includes but is not limited to:
  • Badge access
  • Mantraps
  • 24 x 7 CCTV System
  • 24 x 7 Security Guards

HR Security, Training and Awareness

Onboarding
Background checks are performed on all employees in countries where allowed.
Offboarding
Terminated employees have access to Skai systems revoked within 24 hours of termination.
Security Awareness Training
All Skai employees are required to complete security awareness training at hire and on an annual basis. This is completed through an online training portal.
Phishing Simulation Training
Skai employees periodically go through phishing drills.

Data Security

Data Separation/Isolation
Client instances are physically and logically separated, with each client having their own server. The platform is single tenant.
Encryption

At-rest

  • Sensitive data is encrypted/anonymized at rest within the database instance.

In-transit

  • Access to the Skai production network utilizes a VPN that is IPSec full tunnel mode.

Third Party Security

Due Diligence
All 3rd parties are contractually obligated to maintain a level of security equal to or greater than Skai’s. Skai performs annual information security risk audits of all 3rd parties that have access to, transmit, or store Skai data or information systems.
Breach
All 3rd parties are contractually obligated to notify Skai of any data breaches that affect Skai data.

Keep your data secure with Skai

Our promise of data privacy, data transparency, and data security

Contact the Security Team