Security and Compliance
Last updated: June 17, 2024
At Kitman Labs, customer trust is our top priority. We know customers care deeply about privacy and data security, which is why our Performance Intelligence Solutions are built using industry best practices and technology. You can rest assured that your data is always secure, meets the highest international standards, and complies with the toughest regulations.
Kitman Labs welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. Please contact us at security@kitmanlabs.com with any details and we will endeavour to promptly investigate and address the matter.
Privacy
Know that your data is protected by some of the strongest internal and external privacy-by-design frameworks in the industry. At Kitman Labs, we are committed to protecting the privacy of your performance and medical data. When we process and use data, we protect it, preserve its ownership, and maintain the privacy of the person to whom it belongs.
EU General Data Protection Regulation (GDPR)
Compliance with the GDPR is a top priority for Kitman Labs and our customers. GDPR harmonizes data protection regulation throughout the EU and gives individuals more control over their data.
The GDPR lays out specific requirements for businesses and organizations that are established in Europe or that serve users in Europe. The GDPR covers:
- How businesses may collect, use, and store personal data
- Expanded documentation and reporting requirements that increase accountability
- Fines on businesses that fail to meet its requirements
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is legislation that is designed to make it easier for US workers to retain health insurance coverage when they change or lose their jobs. The legislation also seeks to encourage electronic health records to improve the efficiency and quality of the US healthcare system through improved information sharing.
Health Information Technology for Economic and Clinical Health Act (HITECH)
HITECH expanded the HIPAA rules in 2009. HIPAA and HITECH together establish a set of federal standards intended to protect the security and privacy of protected health information (PHI). These provisions are included in what is known as the “Administrative Simplification” rules. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
Trust and Security
Focus on your business, knowing that your athlete data is safe and reliable. Customer trust is our top priority. At Kitman Labs we are committed to providing customers with the highest level of information security management. Using our secure-by-design model, we help ensure trust and data security.
Kitman Labs assesses the security risk of each software development project according to our Secure Software Development Lifecycle. Before completion of the design phase, Kitman Labs undertakes an assessment to characterize the security risk of the software changes proposed. This risk analysis leverages both the OWASP Top 10 and the extensive experience of Kitman Labs’ security team to create a set of security requirements that must be met as part of the development lifecycle. This includes adopting tools and processes that detect application security vulnerabilities and integrate risk data and metrics as early as possible.
Kitman Labs supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the TLS 1.2 protocol, AES-256 encryption, and SHA-2 signatures for data transmitted between Kitman Labs’ apps and the Kitman Labs service.
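The transit policy stated above (TLS 1.2 or newer, AES-256 bulk encryption, SHA-2 integrity) is something a customer can enforce on their own client side and audit. The following is an added example, not Kitman Labs' code or configuration: it builds a Python `ssl` client context restricted to that policy and includes a name-based check of OpenSSL-style cipher suite names. The suite-name heuristic and the function names are the author's assumptions, not an API of the service.

```python
import ssl

# Policy taken from the page: TLS >= 1.2, AES-256 bulk cipher, SHA-2 (SHA-256/SHA-384) digest.
# Everything below is an added illustration of enforcing that policy client-side.


def suite_meets_policy(name: str) -> bool:
    """Heuristic on an OpenSSL/IANA cipher suite name (assumption: names follow the usual
    conventions). AES-256 must appear and the digest must be SHA-2; a name ending in a bare
    '-SHA' denotes SHA-1 and is rejected."""
    upper = name.upper()
    if "AES256" not in upper and "AES_256" not in upper:
        return False
    return upper.endswith(("SHA256", "SHA384"))


def cipher_list_meets_policy(names) -> bool:
    """True only if every suite in the list satisfies the policy (an empty list is a failure,
    since it means no acceptable suite would be negotiated)."""
    names = list(names)
    return bool(names) and all(suite_meets_policy(n) for n in names)


def make_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS 1.0/1.1 and, for TLS 1.2, only offers
    ECDHE key exchange with AES-256-GCM and SHA-384."""
    ctx = ssl.create_default_context()            # certificate verification stays on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # reject TLS 1.0 and 1.1 handshakes
    # TLS 1.3 suites are configured separately by the library and are all AEAD + SHA-2;
    # set_ciphers() governs the TLS 1.2 list only.
    ctx.set_ciphers("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384")
    return ctx


def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """Audit a context: minimum protocol version and every TLS 1.2 suite it would offer."""
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        return False
    tls12_suites = [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]
    return cipher_list_meets_policy(tls12_suites)


def default_context_meets_policy() -> bool:
    """Contrast case: the library default offers AES-128 suites too, so it fails the audit."""
    return context_meets_policy(ssl.create_default_context())


if __name__ == "__main__":
    # Constructed sample names: two compliant, two not (SHA-1 digest, AES-128).
    for sample in ("ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_256_GCM_SHA384",
                   "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256"):
        print(f"{sample:32} -> {suite_meets_policy(sample)}")
    print("hardened context meets policy:", context_meets_policy(make_client_context()))
    print("default context meets policy: ", default_context_meets_policy())
```

Pass the hardened context to `ssl.SSLContext.wrap_socket()` or an HTTP client that accepts an `SSLContext`; a server that does not offer at least one of the listed suites will fail the handshake rather than silently downgrade, which is the behaviour you want when the policy is a contractual one.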
Data at rest in Kitman Labs’ production network is encrypted using FIPS 140-2 compliant encryption standards. This applies to all types of data at rest within the system, including databases, file stores, database backups, etc.
Kitman Labs has put in place an industry-leading security program to ensure that customers can have the highest confidence in our management and control of their data. Our security program complies with ISO/IEC 27001:2013 and is regularly audited and assessed by third parties and customers. The program includes documentation and processes around:
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
Compliance
Get the assurance you need to know that our Performance Intelligence Solutions meet the latest industry and security standards. We regularly check compliance through external reviews and audits, and we follow a single common framework that incorporates data security and privacy regulations worldwide.
ISO/IEC 27001:2013 Information Security Management System
Kitman Labs Performance Intelligence Solutions are certified against ISO/IEC 27001:2013 and ISO/IEC 27701:2019 standards.
ISO/IEC 27001:2013 outlines and provides the requirements for an Information Security Management System (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
ISO/IEC 27701 is an international standard that provides guidance on the protection of privacy, including how organizations should manage personal information. It also outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a global membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.
Kitman Labs’ certification was issued and is continually assessed by Certification Europe, an independent and accredited certification body based in Ireland.