A secure, tech-enabled platform to earn your trust.
Security

Our commitment to security

Our commitment to security includes our corporate operations, the infrastructure that supports our products and services, and our applications that are deployed to our customers and partners.

Infrastructure Security
100% deployed to cloud services, utilizing platforms that provide the highest level of physical and network security.
Network access controls prevent unauthorized access to Kalderos’ systems and applications.
24/7/365 active network security monitoring to protect your information’s confidentiality, availability and integrity.
Application Security
Best-in-class Web Application Firewall to automatically identify and protect against attacks aimed at Kalderos web applications and APIs.
Second-party code reviews, pull request approvals, separation of duties and continuous inspection of code quality.
We enforce a uniform password policy, requiring strong passwords and token authentication.
Data Security
All third-party vendors are required to complete Kalderos’ online vendor security assessment and are held to strict security standards.
Web applications are deployed utilizing end-to-end encryption. Key management and rotation are managed via key vault by Kalderos.
All applications require users to authenticate over an encrypted session using a username and strong password with token verification upon successful login.
Our team

Meet Kalderos’ VP of Information Security and Compliance

With years of information security experience, including global compliance and organizational and regulatory security compliance, Jim is passionate about information security and protecting Kalderos’ customer and employee information.

Compliance

At the forefront of compliance

Operating entirely in the U.S., Kalderos maintains compliance with all federal and state privacy laws. 

SOC 1 & SOC 2
The Kalderos information security team has developed a security program around SOC 1 and SOC 2 Type 2 reporting standards while aligning with the guidance outlined in ISO 27001 and NIST SP 800-53 frameworks.
SOC 3
For an overview of our adherence to SOC 1 & 2 compliance, we encourage you to download our SOC 3 Report.
Privacy
Our dedication to protecting your confidential data

At Kalderos, we collect only the personal information that is necessary to support our customers and improve customer experience.

Privacy program & management
Customer privacy is one of our top considerations. Kalderos will never sell or share your personal information with third parties. Data is retained for only as long as required for us to provide contracted services, unless regulatory or statutory requirements say otherwise. Further information regarding how we store and use customer data can be found in our privacy policy.
HIPAA
Kalderos uses the minimum necessary data to review 340B discounts. The data we use allows us to analyze whether discounts are consistent with 340B program rules and whether a prohibited duplicate discount scenario exists. To learn more about how we address HIPAA concerns, see our HIPAA Frequently Asked Questions for Data Associated with 340B Drug Pricing Program.
Security status center

Latest updates on Kalderos security measures

Jeremy Docken
Founder & CEO
Apache Log4j Vulnerability
12.17.2021