1. Availability and Reliability
2. Data Encryption (In-Transit and At-Rest)
4. Vulnerability & Penetration Testing
5. Product-Based Secure Access Features
8. Additional Resources: Kintone Trust Center
Kintone utilizes Amazon Web Services (AWS) hosting infrastructure. Our services are geo-redundantly replicated across multiple availability zones for high availability and reliability.
The availability of the main functions of kintone.com can be confirmed on the Status Page (https://status.kintone.com).
Our platform operates 24 hours a day, 365 days a year (excluding pre-announced maintenance), with regular backup and redundancy built-in.
Sometimes we need to perform maintenance to keep kintone.com working smoothly. If scheduled downtime is necessary, we’ll give you at least 1 week advance notice.
All customers with Eligible Products will receive the following support:
Ticket support: Monitored 9:00 A.M. to 5:00 P.M PST. Monday – Friday, excluding these major US Holidays. Tickets received outside of business hours will be sent to a mailbox, and necessary action will be taken the next working day.
Contact Support: https://www.kintone.com/en-us/support/
Eligible Products are defined as:
Paid Kintone.com subscription of $24/user/month and Education/Government/NPO plan
NPO plan without a support plan will not be eligible. Please reference the Special Terms of Use for Nonprofit Subscription
Third party services purchased directly from Kintone Corporation
Kintone Plug-ins. Please reference the Kintone Plug-in Terms of Use
Data from the last 14-days are stored for system recovery. All files older than 14 days on Kintone rely on Amazon S3’s internal redundancy mechanism for recovery. This backup process is a countermeasure to unexpected server failure or major disasters and is not intended to serve as a recovery method in the event of data loss due to customer error.
All data stored within a customer account sub-domain shall be deleted upon the expiry of the retention period we separately determine.
Customer data stored at kintone.com is encrypted using AWS features. AWS RDS, S3, and so on.
All data is encrypted as it moves between our servers and your web browser.
The Kintone service is offered only with SSL connections, and provides optional IP address connectivity restrictions, 2-Factor Authentication.
Cy-SIRT (Cybozu Computer Security Incident Response Team) is an in-house expert security group created to prepare against and handle any Security incidents. Cy-SIRT helps create policies to protect against threats and responds rapidly and in real-time to identify, contain, and eradicate threats as they arise.
Kintone has third-party vulnerability testing auditors such as Vulnerability Defense Laboratory perform vulnerability/penetration audits on our platform on a semi-annual or as needed (when any major updates occur) basis.
To see the all the testing reports, click here
A penetration test simulates the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization.
Found a security problem? Report it here..
Read the help documentation for details on each feature. https://get.kintone.help/en/
Security Assertion Markup Language (SAML) is an XML-based open standard data format that links authentication information across several security domains. If SAML Authentication is used, you can single sign-on into Kintone using the user account that is registered in your company’s Identity Provider (IdP). To use Kintone as the Service Provider (SP) to link with SAML Authentication, an IdP that supports SAML 2.0 is needed.
Two-factor authentication is an added layer of security for your Kintone account. This makes it more difficult for someone else to log in to your account.
Restricts access from IP addresses that are not listed.
The following is a list of password settings that can be configured when setting up a Kintone account.
Account lockout threshold – number of incorrect attempts
Account lockout duration – length of time the lockout will occur.
Enable/disable auto login
Enable auto login duration
You can browse and download the audit log of operations such as logins, modifications, file downloads, etc. Custom audit log settings can also be set to initiate notification emails.
CyberGRX provides a third-party validated cyber risk assessment of Kintone’s security.
This assessment assesses Kintone’s compliance with industry standards and the security protocols built into our infrastructure.
You can request access to Kintone’s CyberGRX third-party cyber risk assessment tier 2 report and self-attested responses here.
Information Security Management System (FISC)
As mentioned above, the data centers the Kintone.com cloud
is currently operating from comply with The Center for Financial Industry Information Systems (FISC) Facility Safety
Standards, considered one of the strictest compliance agencies in Japan.
In fact, the data centers meet Tier 4 specifications, the highest level, for most of the categories in the Data Center Facility Standards as regulated by the Japan Data Center Association.
The Kintone Trust Center offers detailed information on Kintone's security features, including user management, infrastructure, support systems, and more. Kintone customers and partners can utilize the Trust Center to better understand how Kintone creates a secure environment for its users and their data. Visit the Kintone Trust Center to learn more.