Security

Service Level Objective

1. Availability and Reliability

2. Data Encryption (In-Transit and At-Rest)

3. CSIRT

4. Vulnerability & Penetration Testing

5. Product-Based Secure Access Features

6. Security Assessment

7. Compliance

8. Additional Resources: Kintone Trust Center

1. Availability and Reliability

Kintone utilizes Amazon Web Services (AWS) hosting infrastructure. Our services are geo-redundantly replicated across multiple availability zones for high availability and reliability.
The availability of the main functions of kintone.com can be confirmed on the Status Page (https://status.kintone.com).

1.1 Operating Hours

Our platform operates 24 hours a day, 365 days a year (excluding pre-announced maintenance), with regular backup and redundancy built-in.

1.2 Scheduled Downtime

Sometimes we need to perform maintenance to keep kintone.com working smoothly. If scheduled downtime is necessary, we’ll give you at least 1 week advance notice.

1.3 Support

All customers with Eligible Products will receive the following support:

Ticket support: Monitored 9:00 A.M. to 5:00 P.M JST. Monday – Friday, excluding these major JP Holidays

Contact Support: https://www.kintone.com/en-sea/support/

Eligible Products are defined as:

  1. Paid Kintone.com subscription of $24/user/month
  2. Kintone Plug-ins. Please reference the Kintone Plug-in Terms of Use

1.4 Data Backup

Data from the last 14-days are stored for system recovery. All files older than 14 days on Kintone rely on Amazon S3’s internal redundancy mechanism for recovery. This backup process is a countermeasure to unexpected server failure or major disasters and is not intended to serve as a recovery method in the event of data loss due to customer error.

1.5 Data Deletion

All data stored within a customer account sub-domain shall be deleted upon the expiry of the retention period we separately determine.

2. Data encryption in transit and at rest

Customer data stored at kintone.com is encrypted using AWS features. AWS RDS, S3, and so on.

All data is encrypted as it moves between our servers and your web browser.

The Kintone service is offered only with SSL connections, and provides optional IP address connectivity restrictions, 2-Factor Authentication.

3. CSIRT

Cy-SIRT (Cybozu Computer Security Incident Response Team) is an in-house expert security group created to prepare against and handle any Security incidents. Cy-SIRT helps create policies to protect against threats and responds rapidly and in real-time to identify, contain, and eradicate threats as they arise.

4. Vulnerability & Penetration Testing

Kintone has third-party vulnerability testing auditors such as Vulnerability Defense Laboratory perform vulnerability/penetration audits on our platform on a semi-annual or as needed (when any major updates occur) basis.​

To see the all the testing reports, click here

A penetration test simulates the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization.

Found a security problem? Report it here..

5. Product-Based Secure Access Features

Read the help documentation for details on each feature. https://get.kintone.help/en/

SAML

Security Assertion Markup Language (SAML) is an XML-based open standard data format that links authentication information across several security domains. If SAML Authentication is used, you can single sign-on into Kintone using the user account that is registered in your company’s Identity Provider (IdP). To use Kintone as the Service Provider (SP) to link with SAML Authentication, an IdP that supports SAML 2.0 is needed.

Two-factor authentication

Two-factor authentication is an added layer of security for your Kintone account. This makes it more difficult for someone else to log in to your account.

IP address restrictions

Restricts access from IP addresses that are not listed.

Login and Password Policies

Password settings

The following is a list of password settings that can be configured when setting up a Kintone account.

  • Password Character length
  • Password Character complexity
  • Password reuse policy
  • Password expiration policy

Logins

Account lockout policy

Account lockout threshold – number of incorrect attempts
Account lockout duration – length of time the lockout will occur.

Automatic login policy

Enable/disable auto login
Enable auto login duration

Audit Log

You can browse and download the audit log of operations such as logins, modifications, file downloads, etc. Custom audit log settings can also be set to initiate notification emails.

6. Security Assessment

CyberGRX provides a third-party validated cyber risk assessment of Kintone’s security.

This assessment assesses Kintone’s compliance with industry standards and the security protocols built into our infrastructure.

You can request access to Kintone’s CyberGRX third-party cyber risk assessment tier 2 report and self-attested responses here.

7. Compliance

Information Security Management System (FISC)
As mentioned above, the data centers the Kintone.com  cloud is currently operating from comply with The Center for Financial Industry Information Systems (FISC) Facility Safety Standards, considered one of the strictest compliance agencies in Japan.

In fact, the data centers meet Tier 4 specifications, the highest level, for most of the categories in the Data Center Facility Standards as regulated by the Japan Data Center Association.

8. Additional Resources: Kintone Trust Center

The Kintone Trust Center offers detailed information on Kintone's security features, including user management, infrastructure, support systems, and more. Kintone customers and partners can utilize the Trust Center to better understand how Kintone creates a secure environment for its users and their data. Visit the Kintone Trust Center to learn more.