Policies and Certifications

Keyvision Cybersecurity Policy (Release March 2022)

Purpose

The main goal of our cyber security policy is to protect the Keyvision platform, its users, system components and data from unauthorised and/or malicious use.
Whether it be managing a residential building, commercial project, large-scale, mixed-use development or a membership organisation, our platform architecture has been designed to be flexible, robust and responsive to successfully manage complex projects, buildings and clients’ specific requirements.
Connectivity and flexibility are the foundation of the Keyvision Platform, and our four core pillars of communication management, member management, place management and place activation guide our development, strategy and actions.

Our core pillars have been developed with these goals in mind:

•  Identify management inefficiencies and solve service-related industry dysfunction.
•  Dramatically improve existing key management procedures and processes.
•  Develop and implement best practice processes that reduce administration costs.
•  Assist in building stronger connected communities that enable them to thrive.
•  Raise awareness of the importance and benefits of implementing digital connectivity.
•  Provide data analytics that will assist in delivering a more eco-friendly and sustainable development.
•  Continually update and deliver a modern and secure digital ecosystem that adds high value & ROI.

Security Overview

Keyvision has implemented an information security framework that meets or exceeds ISO 27001:2013 requirements. Every part of this policy is continuously reviewed and kept up to date to address the latest security threats and challenges, based on the current guidelines of the Australian Cyber Security Centre (ACSC) and the US-based National Institute of Standards and Technology (NIST).

It is locally hosted on an enterprise-grade AWS hosting platform in a highly secure data centre. It is certified for security and management controls such as ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and others. The hosting platform is independently audited on a regular basis.

Reliability, Availability and Resilience

•  Our hosting provider is renowned as an industry leader in reliability and resilience.
•  High availability and geographical redundancy are readily available.
•  Every bit of important client data is backed up on a regular basis and can be quickly restored at will.

Data Confidentiality, Protection and Security

•  All customer data on Keyvision is encrypted both in transit and at rest using current industry-standard cryptography, such as TLS 1.2 and AES-256 and above.
•  All Keyvision customer data is kept in an environment certified to ISO 27001:2013 at the very minimum.
•  The Zero Trust Model (posture control, lateral movement prevention, segmentation etc.) is built-in and actively endorsed by the Keyvision hosting provider.
•  All system passwords and keys are kept in a highly secure hosted vault with multi-factor authentication.

Access Controls and Monitoring

Certified and approved management users are all verified and registered to the dashboard with a unique email address, using single sign-on (SSO) and unique password protection. As part of our ongoing development and commitment to the highest-level security controls, we are moving all management dashboard users to multi-factor authentication (MFA). This new security protocol will be operational by the end of May 2022.

The Keyvision platform collects and maintains all important logs, which are monitored every week. We are currently implementing and integrating logging into a security information and event management (SIEM) system.

Independent Audits

The Keyvision platform has implemented and undergone penetration tests conducted by external, independent and certified specialists. Penetration tests are carried out on an annual basis.

The hosting platform is regularly audited to stay compliant with ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3 and other important security standards.

Incident Response and Procedures

•  We have established structured incident response procedures that include preparation; identification and analysis; containment, eradication and recovery; and post-incident events.
•  We adhere to NIST incident response guidelines.
•  Comprehensive incident response planning and immediate incident response team (IRT) assembly are major parts of our framework.

Customer Support

We have a built-in helpdesk that automatically creates tickets and tracks their progress.
We have local support with 24/7 response for critical issues.

Regular Maintenance and Upgrades

Keyvision and all its components are always kept up to date.
•  All system updates are thoroughly tested in our staging environments before they are released to production.
•  All mission-critical components are leveraging enterprise-grade services for updates and maintenance.
•  We follow a dynamic patching strategy based on the urgency and importance of updates.
•  We have a very flexible platform that addresses customer needs with regular upgrades.

Continuous Improvement Lifecycle

The Keyvision platform is consistently and regularly being improved using time-proven methodologies such as Agile. We listen to clients and our extensive user base to develop new features and functions that can improve and enhance the user experience. We are also leveraging continuous integration and continuous delivery (CI/CD) for DevOps and software development lifecycle (SDLC) process improvement.