Continuous Investment in our Security
At Keep Aware, security stands as our utmost priority. It takes precedence in every aspect of our company and product development, guiding all design and process considerations. We aim to instill confidence in our customers as a trusted service provider, enabling them to understand the measures we take to safeguard their environment and secure our platform.
Our Security Program
Every employee and contributor to Keep Aware must sign agreements that require them to protect the confidentiality of clients and sensitive information they may access while doing their jobs.
Authentication & MFA
Employees must use multi-factor authentication to access any external or internal system that handles confidential customer data.
As a user awareness company, we prioritize security training and awareness in the workplace. Every employee participates in monthly security awareness training and our own internal Keep Aware solution.
SOC 2 Type II
Keep Aware continuously assesses its controls through Vanta, ensuring that our environments are closely monitored. Additionally, we conduct annual audits with one of Vanta’s trusted auditing partners to maintain the highest standards. Our audit period extends from January to April each year, and you can obtain our report from your dedicated account team. Read about our most recent SOC 2 update.
● All systems that store or transmit customer data are encrypted at rest using 256-bit Advanced Encryption Standard (AES-256) or stronger.
● All Keep Aware clients, users, and products use TLS/SSL (TLS 1.2 at a minimum) when communicating with deployments for sensor activity, data transfers, and API calls.
● Only designated Keep Aware employees and providers can access customer data. An overview of the Keep Aware members with access to a deployment can be viewed and requested by customers at any time.
Keep Aware does not store passwords outside of the Identity Provider services provided by Amazon Web Services. Customer environments require MFA for all accounts or a custom third-party IdP integrated by the customer.
Role-Based Access Controls
The Keep Aware console supports role-based access control by allowing all permissions to be individually applied to or revoked from any account or API credentials.
Logging and Alerting
● Logs are collected and sanitized for console and sensor communications. Meaningful interactions are recorded so customers can understand events taking place against their data. These logs are retained for at least 30 days.
● Alerts and rate-limiting are set internally to protect customer environments. Rate-limiting is set for both console and sensor environments.
Secure Software Development Lifecycle
● All code pushed to production environments requires a mandatory peer review and tests embedded in our product to verify correctness, best practices, and security.
● Keep Aware conducts internal data flow and architecture reviews quarterly. High-level documentation of these reviews and change logs can be provided to customers upon request.