Security

Security and data integrity are foundational to an eQMS. Quality and regulatory teams trust Kintavo with the records that define how their products are made and controlled, and we design our platform, processes, and people around protecting that trust. This page summarizes our approach. For specific documentation — including reports, certificates, and our security questionnaire responses — contact [info@kintavo.com].

Infrastructure

Kintavo runs on a cloud provider, whose data centers maintain leading physical and environmental security controls and hold certifications including [SOC 2, ISO 27001, etc.].

Encryption

Data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 (or equivalent). Encryption keys are managed with restricted access and regular rotation.

Access control

We enforce least-privilege access. Administrative access to production systems is limited to authorized personnel, requires multi-factor authentication, and is logged and reviewed. Within the application, customers control their own users' permissions through role-based access controls. We support SSO for centralized identity management.

Data integrity and electronic records

Kintavo is built to support the data-integrity expectations of regulated industries. The platform provides:

  • secure, time-stamped, computer-generated audit trails that record who did what and when, and that cannot be altered by end users;

  • electronic-signature capabilities designed to support 21 CFR Part 11 and EU Annex 11 requirements, including signature meaning, signer identity, and signature/record linking;

  • controls supporting ALCOA+ data-integrity principles (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available);

  • versioning and controlled access to ensure records remain accurate and retrievable throughout their retention period.

Validation and compliance support

We develop Kintavo under a documented software development lifecycle aligned with GAMP 5 principles. We provide validation support documentation — including [IQ/OQ templates, validation packages, requirements traceability, and release notes] — to help customers establish and maintain a validated state. Responsibility for validating the system for its intended use within your quality system remains with your organization.

Our information security program is [aligned with / certified to] SOC 2 Type II, ISO 27001, and ISO 9001. Reports and certificates are available under NDA on request.

Availability and resilience

We monitor the Service continuously and target an uptime of 99.9%. We maintain documented backup, disaster-recovery, and business-continuity procedures, with backups encrypted and tested on a regular schedule. Status and incident updates are published at [status.kintavo.com].

Secure development

Security is built into our development process through code review, dependency scanning, and testing. We perform regular independent penetration testing and vulnerability assessments, and remediate findings according to documented timelines based on severity.

Personnel and operations

Employees undergo background checks where permitted by law, receive security and data-protection training, and are bound by confidentiality obligations. Access to systems and data is granted on a need-to-know basis and revoked promptly upon role change or departure.

Incident response

We maintain a documented incident-response plan covering detection, containment, investigation, and recovery.

Responsible disclosure

If you believe you have found a security vulnerability in the Service, please report it to [info@kintavo.com]. We appreciate responsible disclosure and will work with you to investigate and address valid reports.

Contact

For security documentation, questionnaires, or questions about our program:

Email: [info@kintavo.com]