A secure, tech-enabled platform to earn your trust.
Security

Our commitment to security

We are committed to ensuring security across our corporate operations, the infrastructure that supports our products and services, and the applications we deploy to our customers and partners.

Infrastructure Security
100% cloud-deployed services utilizing platforms that provide the highest level of physical and network security
Network access controls that prevent unauthorized access to Kalderos’ systems and applications
24/7/365 active network security event detection and monitoring to protect your information’s confidentiality, availability and integrity
Application Security
Best-in-class web application firewall to automatically identify and defend against attacks aimed at Kalderos web applications and application programming interfaces (APIs)
Second-party code reviews, pull request approvals, separation of duty and continuous inspection of code quality
Enforced uniform password policy requiring strong passwords and multifactor authentication (MFA)
Data Security
All Kalderos employees and in-scope contingent workers must review and accept a data protection and classification policy upon hire, and annually thereafter
All third-party vendors must complete Kalderos’ online vendor security assessment and meet strict security standards
Web applications are deployed utilizing end-to-end encryption, and Kalderos facilitates key management and rotation via key vault.
All applications require users to authenticate over an encrypted session using a username and strong password, then configure MFA upon successful login.
Our team

Meet Kalderos’ Chief Information Security Officer

Jim Hundemer has years of experience with information technology and security, including global, organizational and regulatory security compliance. He is passionate about information security and protecting Kalderos’ client and employee information. 

Compliance

At the forefront of compliance

Kalderos operates entirely in the U.S. and complies with all federal and state privacy laws.

SOC 1 Type 2 & SOC 2 Type 2
The Kalderos security program is built around SOC 1 and SOC 2 standards and the guidance outlined in ISO 27001 and NIST SP 800-53 frameworks.
SOC 3
For an overview of Kalderos’ adherence to SOC 1 and SOC 2 compliance, we encourage you to download our SOC 3 report.
Privacy
Our dedication to protecting your confidential data

At Kalderos, we collect only the personal information that is necessary to support our customers and improve customer experience.

Privacy program & management
Customer privacy is among our top considerations. We retain your data for only as long as necessary to provide contracted services unless regulatory or statutory requirements say otherwise. More information about how we store and use customer data can be found in our privacy policy.
HIPAA
Kalderos uses the minimum necessary data to review 340B discounts in order to analyze whether discounts are consistent with 340B program rules and whether a prohibited duplicate discount scenario exists. To learn more about how we address HIPAA concerns, see our HIPAA Frequently Asked Questions for Data Associated with 340B Drug Pricing Program.
Security status center

Latest updates on Kalderos security measures

Jeremy Docken
Founder & CEO
Apache Log4j Vulnerability
12.17.2021