TALK TO US RAISEOS BY KLUB.AI — SECURITY OVERVIEW (SUMMARY)
Governance and policy
Security ownership; policies for access control, change management, incident response, vendor risk and vulnerability management; personnel training and confidentiality.
Hosting and network
Cloud hosting in [primary regions] with segmentation, firewalls and DDoS protections; separate production/non-production environments.
Data protection
Encryption in transit (TLS 1.2+) and at rest ([KMS/provider]) where applicable; least-privilege role-based access; periodic access reviews.
Application security
Secure SDLC, peer review, dependency scanning; regular vulnerability scanning; independent penetration testing at least annually; defined remediation SLAs.
Identity and access
SSO/OAuth where available; MFA for privileged access; secrets management and rotation.
Monitoring and logging
Centralised logging, anomaly alerting; time-bound retention.
Backups and resilience
Regular backups; tested restoration; target RPO: [≤24h] and RTO: [≤24h]; business continuity and disaster recovery plans.
Incident response
24×7 alerting; triage, containment, eradication and recovery; notifications as required by law/contract; post-incident reviews.
Vendor and sub-processor risk
Due diligence; contractual obligations; reassessment; public Sub-processor Register with advance notice.
Contact
Email: security@klub.ai
