Deployment and Administration

Security and Compliance

Security and Compliance
Security is embedded in every layer of KanBo — from development to deployment.

KanBo follows a shared responsibility model:

KanBo Team: Ensures secure code, certificate management, and patch processes.

Customer IT Team: Controls hosting, network isolation, and operational hardening within their environment.

Key Security Principles

Zero external data access – KanBo has no standing access to your tenant.

Tenant isolation – each deployment operates in your own Azure AD boundary.

Encryption everywhere – TLS 1.2+ enforced, SQL encryption supported.

Certificate-based authentication – all service integrations use X.509 certs.

No local credentials – KanBo leverages Azure AD or GCC identity providers only.

Auditable operations – every user and system action is logged within your infrastructure.

Compliance Standards

KanBo deployments can align with:

GDPR (EU General Data Protection Regulation)

ISO/IEC 27001 (Information Security Management)

NIST 800-53 & 800-63B (U.S. Cybersecurity Framework)

FedRAMP High / DFARS 252.204-7012 (for GCC High)

SOC 2 Type II & HIPAA alignment (via Azure hosting environment)

NIS2 Directive (European cybersecurity regulation)

KanBo supports compliance through architecture, not promises.

Security is embedded in every layer of KanBo — from development to deployment.

KanBo follows a shared responsibility model:

KanBo Team: Ensures secure code, certificate management, and patch processes.
Customer IT Team: Controls hosting, network isolation, and operational hardening within their environment.

Key Security Principles

Zero external data access – KanBo has no standing access to your tenant.
Tenant isolation – each deployment operates in your own Azure AD boundary.
Encryption everywhere – TLS 1.2+ enforced, SQL encryption supported.
Certificate-based authentication – all service integrations use X.509 certs.
No local credentials – KanBo leverages Azure AD or GCC identity providers only.
Auditable operations – every user and system action is logged within your infrastructure.

Compliance Standards

KanBo deployments can align with:

GDPR (EU General Data Protection Regulation)
ISO/IEC 27001 (Information Security Management)
NIST 800-53 & 800-63B (U.S. Cybersecurity Framework)
FedRAMP High / DFARS 252.204-7012 (for GCC High)
SOC 2 Type II & HIPAA alignment (via Azure hosting environment)
NIS2 Directive (European cybersecurity regulation)

KanBo supports compliance through architecture, not promises.