Data Security & Operating Environment

1. Availability and Reliability

2. Data Encryption (In-Transit and At-Rest)

3. CSIRT

4. Vulnerability & Penetration Testing

5. Product-Based Secure Access Features

6. Compliance

1. Availability and Reliability

Kintone utilizes Amazon Web Services (AWS) hosting infrastructure. Our services are geo-redundantly replicated across multiple availability zones for high availability and reliability.

The availability of the main functions of kintone.com can be confirmed on the Status Page (https://kintone.statuspage.io).

1.2 Operating Hours

Our platform operates 24 hours a day, 365 days a year (excluding pre-announced maintenance), with regular backup and redundancy built-in.

1.3 Scheduled Downtime

Sometimes we need to perform maintenance to keep kintone.com working smoothly. If scheduled downtime is necessary, we’ll give you at least 1 week’s advance notice.

1.4 Support

1.4.1 Support Hours

Standard support hours are Monday through Friday, 9:00 am – 5:00 pm PST. A more detailed Support SLA can be found here.

1.4.2 Support Contact

Support phone number: 415-692-6546
Support e-mail: support@kintone.com

1.5 Data Backup

The most recent 14 days of data are stored for system recovery. Files uploaded to Kintone are not included in the daily backup; they rely instead on Amazon S3’s internal redundancy mechanism.

1.6 Data Deletion

All data stored within a customer account sub-domain shall be deleted upon the expiry of the retention period we separately determine.

2. Data encryption in transit and at rest

Customer data stored at kintone.com is encrypted using the features of AWS services (AWS RDS, S3, and so on).

All data is encrypted as it moves between our servers and your web browser.
The Kintone service is offered only over SSL connections, and provides optional IP address connectivity restrictions and 2-Factor Authentication.

3. CSIRT

Cy-SIRT (Cybozu Computer Security Incident Response Team) is an in-house expert security group created to prepare for and handle security incidents. Cy-SIRT helps create policies to protect against threats and responds rapidly, in real time, to identify, contain, and eradicate threats as they arise.

4. Vulnerability & Penetration Testing

Kintone has third-party vulnerability testing auditors, such as Vulnerability Defense Laboratory, perform vulnerability/penetration audits on our platform semi-annually or as needed (when any major updates occur).

A penetration test simulates the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization.

Found a security problem? Report it here.

5. Product-Based Secure Access Features

Read the help documentation for details on each feature. https://get.kintone.help/

SAML

Security Assertion Markup Language (SAML) is an XML-based open standard data format that links authentication information across several security domains. If SAML Authentication is used, you can sign in to Kintone through single sign-on using the user account that is registered in your company’s Identity Provider (IdP). To use Kintone as the Service Provider (SP) with SAML Authentication, an IdP that supports SAML 2.0 is needed.

Two-factor authentication

Two-factor authentication is an added layer of security for your Kintone account. This makes it more difficult for someone else to log in to your account.

IP address restrictions

Restricts access from IP addresses that are not listed.

Login and Password Policies

Password settings

The following is a list of password settings that can be configured when setting up a Kintone account.

  • Password Character length
  • Password Character complexity
  • Password reuse policy
  • Password expiration policy

Logins

Account lockout policy

  • Account lockout threshold – number of incorrect attempts
  • Account lockout duration – length of time the lockout will last

Automatic login policy

  • Enable/disable auto login
  • Enable auto login duration

Audit Log

You can browse and download the audit log of operations such as logins, modifications, file downloads, etc. Custom audit log settings can also be set to initiate notification emails.

6. Compliance

Information Security Management System (FISC)

As mentioned above, the data centers from which the Kintone.com cloud currently operates comply with the Facility Safety Standards of The Center for Financial Industry Information Systems (FISC), considered one of the strictest compliance agencies in Japan.

In fact, the data centers meet Tier 4 specifications, the highest level, for most of the categories in the Data Center Facility Standards as regulated by the Japan Data Center Association.

Customers and free trial users who signed up before September 8, 2019 can review the Data Security & Operating Environment information here.