As a trusted Nordic fintech company, we always make sure that we have the right certifications.
ISAE 3402 is developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors (user auditors) on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
Kaunt is data processor as the customer’s supplier invoices may contain personal data.
The supplier invoices can be very different, depending on the organization’s activities. The invoices may contain personal data like name and contact information, information regarding a one-man business or such, or it can be special personal data like social security number or health information etc.
A high level of security is always provided.
Yes, Kaunt uses a standard data processing agreement, based on The Danish Data Protection Agency’s template.
Yes, Kaunt uses State-of-the-art encryption on the transport layer and when storing data.
Kaunt uses AES 256 standard encryption. The AES encryption key is encrypted with RSA2048.
ECIT Solutions A/S in Viby J. Denmark and Microsoft Azure in Datacenter Western Europe is hosting Kaunt’s data.
All data is stored within EU/EEA.
As Kaunt uses Microsoft Azure, a transfer of personal data to insecure third countries will in legal terms take place. This is for example, when an se-access is given to employees outside of EU/EEA for support and maintenance of Microsoft’s solution.
The basis of transfer is Standard Contractual Clauses (SCC) and in extension Kaunt has implemented further technical and contractual initiatives.
Read more about the basis of transfer and the Data Protection Addendum here.
To ensure, that no unintentional access to data is given outside of EU a HSM Azure Key Vault is used to store encryption keys. Encryption keys are stored in FIPS 140-2 Level 2 and Level 3 validated hardware security modules (HSMs).
Moreover, Kaunt’s data processing agreement include further contractual provisions, as recommended by the European Data Protection Board. You can read the recommendations here.
Kaunt follows a risk based approach to information security and data protection. As a part of this, Kaunt is ISO/IEC 27001 and 27701 certified.
You can find Kaunts certifications here.
Fill out the form and one of our experts will contact you and show you how your accounting practices can be automated in an intelligent way.