Karbon
Work Management Software for Enterprise Accounting Firms

Best-in-class security

With security at the core of Karbon, your data is safe. Information is encrypted in transit and stored securely on enterprise-grade cloud servers, and major data protection regulations are adhered to.

Your data and privacy are protected.

We take a security-first approach towards product development, quality assurance and operational support. Leading technologies and industry best practices are utilized to maintain the security and availability of the Karbon platform, and protect everything stored within it.

GDPR Compliant
Data Auto Backup
Privacy Protected

Compliance & Certification

Security Compliance

GDPR

We are committed to your business and the protection of your data to ensure GDPR compliance.

SOC 2 Type I

Karbon is SOC 2 Type I certified, which confirms we have implemented the necessary systems and processes to meet the security standards our customers expect when it comes to their data. Contact us to request a copy of the Karbon SOC 2 Type 1 Report.

SOC 2 Type II (in-progress)

We are expected to undergo another SOC 2 examination, which will result in the issuance of a SOC 2 Type 2 report.

ISO 27001

We have implemented an Information Security Management System (ISMS), in accordance with the requirements set out in ISO 27001. However, we have not yet been independently certified ISO 27001 compliant.

Privacy

Privacy Policy

We are committed to preventing unauthorized access to or disclosure of our customers’ information. Read our privacy policy.

Cloud Security

Encryption

Encryption in Transit

The Karbon platform uses Transport Layer Security (TLS v1.2, v1.1 and v1.0) encryption on all requests sent between client and server. System controls have been implemented to prevent cross-site scripting and SQL injection attacks.

Encryption at rest

All data captured in Karbon is encrypted and stored on Microsoft Azure servers in accordance with ISO 27001 requirements.

Availability & Continuity

Service Recovery

Karbon has operational support staff available on call 24 hours a day. In the event of an unscheduled outage, business continuity and disaster recovery procedures are initiated to maintain continued business operations and system performance.

Vulnerability Management

System vulnerability assessments and internal security controls have been implemented to identify security vulnerabilities and reduce the risk of exposure to common cyber attacks. Our Vulnerability Disclosure Program enables us to identify and proactively address security vulnerabilities reported by customers and the broader technical community.

Incident Management

Our incident management process ensures we rapidly respond to security events that may affect the integrity or availability of the Karbon platform and the data stored within it. Events that affect customers are given the highest priority.

Data Backups

Data Hosting

Karbon data is stored across multiple databases and file stores. Data and audit logs for all databases are backed up regularly. Full backups are performed after every gigabyte of growth or each week, whichever is sooner.

Enterprise-grade Servers

All your information is stored using enterprise-grade cloud servers, secure data storage and highly scalable databases.

Application Security

Secure Development

Access to Environments

Access to Karbon’s deployment environments is strictly controlled.

Separate Environments

Testing and Staging environments are logically separated from the Production environment.

User Security

Auditing of User Actions

All user actions that create, modify or remove data in Karbon are audited. These audit records are retained for 14 days and can be provided to customers on a request-by-request basis.

Unique Tenant Identifiers

Karbon is a multi-tenanted system. Each customer account has a unique identifier that is used across the entire platform to identify data owned by that account.

Client File Transfer

The Client Task app is powered by Secure Sockets Layer (SSL) to maintain connection security and encrypt and share data safely.

Vulnerability Management

Security Risk Assessment

The Karbon product development team identifies and assesses any security-related risks as part of all new feature development work.

Third-Party Risk Assessment

Annual third-party vendor risk assessments are performed to evaluate the risks associated with the services provided by third parties.

Monitoring Alerts

Monitoring tools are in place to identify suspicious behaviour, unauthorised attempts to access Karbon, and potential denial of service (DoS) type attacks.

Product Security

Authentication Security

Single Sign-On

Karbon can be configured to work with a Single Sign-On (SSO) provider such as Okta.

Multi-Factor Authentication

Access to Karbon is connected to a user’s email account. Multi-factor or two-factor authentication can be set for the user’s email account login. Karbon does not store any passwords.

User Security

All users must be invited to join a tenant and accept that invitation before they can access any tenant data. A selected authentication provider is recorded for the user and all future login attempts require authentication using the same provider.

IP Restrictions

Access to production databases is restricted to allow access only from trusted IP addresses.

Data Security

Administrative Data Access

Access to production databases is strictly controlled and only users with a need to access production data for customer support or problem resolution have access. On request, Karbon will securely delete a customer’s Karbon data.

Data Backups

Data backups are encrypted and sensitive data is encrypted/masked in the live database.

User Permissions

In-app user permissions allow you to control what data a user can access and what company-wide actions and settings can be controlled.

Human Resources Security

Security Awareness

Security Awareness Policies

A comprehensive set of security policies is enforced for all Karbon employees and contractors with access to Karbon information assets. This includes policies for the use of two-factor authentication, protection of passwords, personal firewalls, and avoiding unsecured devices and networks.

Security Awareness Training

Every Karbon employee undergoes security training as part of the orientation and onboarding process. New employees receive information on Karbon’s commitment to keep customer information safe and secure.

Confidentiality

Confidentiality Agreements

All new Karbon employees are required to sign Non-Disclosure and Confidentiality agreements.

Trusted by accounting firms world-wide.

97% Positive reviews on getapp.com
4.7 stars on getapp.com
98% Service satisfaction rating