top of page
KALYN ISO/IEC 27001:2022 Certification
Kalyn is committed to maintaining the highest standards of information security and protecting the confidentiality, integrity, and availability of the information entrusted to us by our customers, partners, employees, and stakeholders.
Our Information Security Management System (ISMS) is certified to the internationally recognised ISO/IEC 27001:2022 standard.
This certification demonstrates that Kalyn has established, implemented, and continually maintains a comprehensive framework for managing information security risks in accordance with the requirements of ISO/IEC 27001:2022.
As part of our ISMS, Kalyn adopts a systematic, risk-based approach to identifying, assessing, and mitigating information security risks. We implement appropriate technical and organisational controls designed to protect information from unauthorised access, disclosure, alteration, loss, or destruction while supporting the confidentiality, integrity, and availability of our information assets.
Our ISO/IEC 27001:2022 certification provides assurance that Kalyn has implemented robust information security governance and continually monitors and improves its security practices to meet internationally recognised standards.
Our Information Security Management System encompasses a broad range of security controls, including but not limited to:
-
Information security governance and policies
-
Organisation of information security
-
Human resource security
-
Asset management
-
Identity and access management
-
Cryptography and encryption
-
Physical and environmental security
-
Operational security
-
Communications and network security
-
Secure system acquisition, development and maintenance
-
Supplier and third-party security management
-
Information security incident management
-
Business continuity and disaster recovery
-
Risk management and continual improvement
Through ongoing monitoring, regular internal audits, employee awareness training, and continuous improvement, Kalyn remains committed to safeguarding information and maintaining the trust of our customers, business partners, and other stakeholders.
Security Controls
At Kalyn, safeguarding our customers' information and maintaining the security of our systems is a fundamental part of our business operations. We have implemented a comprehensive framework of technical, organisational, and administrative security controls designed to identify, prevent, detect, and respond to evolving cybersecurity threats.
Our security programme is based on internationally recognised standards, industry best practices, and a continuous improvement approach. Security controls are regularly reviewed and enhanced to address emerging risks, technological developments, and changing regulatory requirements.
Our security framework is built around four key areas:
-
Organisational Security
-
Internal Security Procedures
-
Infrastructure Security
-
Data Protection
Organisational Security
Information Security Policies
Kalyn maintains a comprehensive Information Security Framework consisting of documented policies, standards, procedures, and operational guidelines designed to protect our information assets.
These documents are reviewed regularly and updated as necessary to reflect changes in business operations, technology, legal requirements, and emerging threats.
Information Security Management System (ISMS)
Kalyn operates an Information Security Management System (ISMS) designed in accordance with the principles of ISO/IEC 27001:2022.
Our ISMS provides a structured approach to identifying, assessing, managing, and continuously improving information security risks across the organisation.
Where applicable, our ISMS supports ongoing internal reviews, management oversight, and continual improvement initiatives.
Cybersecurity Risk Management
Cybersecurity risk management forms an integral part of our governance framework.
We continuously:
-
Identify security risks;
-
Assess potential business impacts;
-
Implement appropriate mitigation measures;
-
Monitor changing threat landscapes;
-
Review residual risks;
-
Improve security controls.
This proactive approach enables Kalyn to maintain a resilient security posture.
Information Security Team
Kalyn maintains dedicated personnel responsible for:
-
Information security governance;
-
Cybersecurity operations;
-
Risk management;
-
Security compliance;
-
Privacy and data protection;
-
Incident response;
-
Security awareness.
These teams work collaboratively to ensure that security remains embedded throughout our business operations.
Employee Screening
Where permitted by applicable law, pre-employment screening and background verification may be conducted for employees and contractors based on the sensitivity of their role and access to confidential information.
Security Awareness and Training
All employees receive mandatory information security awareness training during onboarding and participate in regular refresher training throughout their employment.
Training covers topics including:
-
Information security;
-
Cybersecurity threats;
-
Password security;
-
Social engineering;
-
Phishing awareness;
-
Data protection;
-
Incident reporting;
-
Secure remote working.
Training materials are regularly updated to address evolving cyber threats.
Confidentiality Commitments
All employees, contractors, consultants, and temporary personnel are required to maintain the confidentiality of proprietary and customer information.
Confidentiality obligations are established through employment agreements, confidentiality clauses, or Non-Disclosure Agreements (NDAs), as appropriate.
Internal Security Procedures
Vulnerability Management
Kalyn maintains a vulnerability management programme designed to identify, assess, prioritise, and remediate security vulnerabilities affecting our systems and infrastructure.
Activities include:
-
Security patch management;
-
Operating system updates;
-
Software updates;
-
Vulnerability scanning;
-
Risk assessment;
-
Remediation planning.
Critical vulnerabilities are addressed according to defined risk-based priorities.
Security Incident Management
Kalyn maintains documented procedures for identifying, reporting, managing, investigating, and resolving information security incidents.
Our incident response process includes:
-
Incident identification;
-
Containment;
-
Investigation;
-
Eradication;
-
Recovery;
-
Root cause analysis;
-
Lessons learned;
-
Continuous improvement.
Where required, security incidents are communicated to affected parties and relevant supervisory authorities in accordance with applicable legal obligations.
Access Control
Access to systems, applications, and information is granted according to the principle of least privilege and business need.
Access management includes:
-
Role-based permissions;
-
User authentication;
-
Approval workflows;
-
Periodic access reviews;
-
Privileged access management;
-
Timely removal of unnecessary access rights.
User access is reviewed regularly to ensure permissions remain appropriate.
Password and Authentication Standards
Kalyn maintains password and authentication standards designed to strengthen account security.
These include requirements relating to:
-
Password complexity;
-
Minimum password length;
-
Password management;
-
Multi-factor authentication (where applicable);
-
Secure credential storage.
Backup and Recovery
Business-critical information is protected through structured backup and recovery procedures.
Backup strategies are developed based on:
-
Business impact;
-
Risk assessments;
-
Operational requirements;
-
Recovery objectives.
Backup integrity is periodically tested to support business continuity.
Supplier and Third-Party Risk Management
Kalyn carefully assesses third-party suppliers that process or access confidential information.
Supplier management includes:
-
Security due diligence;
-
Contractual confidentiality obligations;
-
Data protection requirements;
-
Ongoing risk assessments;
-
Periodic supplier reviews.
We work only with trusted providers who demonstrate appropriate security standards.
Change Management
Changes affecting production environments are managed through formal change management procedures.
Changes are:
-
Documented;
-
Risk assessed;
-
Tested where appropriate;
-
Approved before implementation;
-
Reviewed after deployment.
This process helps minimise operational and security risks.
Information Security Governance
Clear information security responsibilities are assigned throughout the organisation to ensure accountability, effective oversight, and appropriate segregation of duties.
Physical Security
Physical access to Kalyn facilities is controlled using appropriate security measures.
Depending on the location, controls may include:
-
Secure entry systems;
-
Visitor management;
-
CCTV monitoring;
-
Restricted access areas;
-
Secure server rooms;
-
Environmental controls.
Access is limited to authorised personnel.
Secure Software Development
Where Kalyn develops software or digital solutions, security is integrated throughout the Software Development Life Cycle (SDLC).
Development practices may include:
-
Secure coding standards;
-
Code reviews;
-
Vulnerability testing;
-
Dependency management;
-
Security testing;
-
OWASP guidance;
-
Developer security training.
Cyber Insurance
Where appropriate, Kalyn maintains cyber liability insurance to assist in managing the financial impact of cybersecurity incidents and business interruptions.
Data Protection
Information Classification
Kalyn classifies information according to its sensitivity and business value.
Information classification supports:
-
Appropriate handling;
-
Secure storage;
-
Controlled sharing;
-
Retention;
-
Secure disposal.
Encryption
Sensitive information is protected using encryption technologies appropriate to the level of risk.
Encryption may be applied:
-
During transmission;
-
While stored;
-
On laptops and mobile devices;
-
On portable storage media where permitted.
Encryption standards are regularly reviewed to reflect current industry practices.
Data Retention
Kalyn maintains a formal Data Retention Policy that defines how long personal and business information is retained.
Retention periods are determined based on:
-
Legal obligations;
-
Regulatory requirements;
-
Contractual commitments;
-
Business needs;
-
Industry best practices.
Information is securely deleted or anonymised once it is no longer required.
Client Information Protection
Client information is protected through multiple layers of administrative, technical, and physical safeguards.
These safeguards include:
-
Access controls;
-
Encryption;
-
Data classification;
-
Secure storage;
-
Controlled sharing;
-
Confidentiality obligations;
-
Retention management.
Infrastructure Security
Security Monitoring
Kalyn continuously monitors its technology environment to detect, investigate, and respond to potential security events.
Monitoring capabilities may include:
-
Security logging;
-
Endpoint monitoring;
-
Threat detection;
-
Intrusion detection;
-
Cloud security monitoring;
-
Security Operations Centre (SOC) services where applicable.
Restricted Production Access
Administrative access to production systems is restricted to authorised personnel with a legitimate business need.
Access to production environments is controlled, monitored, and periodically reviewed.
Secure Remote Working
Kalyn supports secure remote and hybrid working through documented policies and technical safeguards.
Security measures include:
-
Secure VPN or encrypted connections where appropriate;
-
Multi-factor authentication;
-
Managed devices;
-
Endpoint protection;
-
Secure collaboration tools;
-
Employee awareness training.
Access Removal
When employees or contractors leave Kalyn or change roles, access rights are reviewed and revoked promptly in accordance with documented offboarding procedures.
Infrastructure Access Controls
Access controls are implemented across both physical and digital environments using industry-recognised security practices.
Controls are reviewed periodically to ensure they remain effective against evolving threats.
Security Logging
Security logs are collected, monitored, and analysed to support:
-
Threat detection;
-
Incident investigation;
-
Compliance monitoring;
-
Operational security.
Log retention and monitoring practices are implemented in accordance with business and regulatory requirements.
Network Segmentation
Kalyn logically segments its networks to separate critical systems, protect confidential information, and reduce the impact of potential security incidents.
Malware Protection
All managed endpoints are protected using modern endpoint security technologies.
Depending on operational requirements, these may include:
-
Next-Generation Anti-Malware (NGAV);
-
Endpoint Detection and Response (EDR);
-
Threat intelligence services;
-
Managed detection and response capabilities;
-
Automated malware signature updates;
-
Continuous endpoint monitoring.
These controls help detect, prevent, and respond to malicious activity across our environment.
Kalyn continually reviews and enhances its security controls to maintain a strong security posture and protect the information entrusted to us by our customers, partners, employees, and stakeholders.
bottom of page
