KX Information Security Policy
The scope of this Information Security Management System (ISMS) framework is restricted to all KX infrastructure, security operations and offerings.
The scope of this Information Security Management System (ISMS) framework is restricted to all KX infrastructure, security operations and offerings.
The KX Security and Compliance Teams are committed to protecting the critical information assets by implementing and continually improving an Information Security Management System (ISMS) to help ensure that its applicable information security objectives are met, and the ISMS is able to adapt to internal and external changes.
The ISMS is designed to meet the goal to protect KX and its customers information assets from security threats identified, whether internal or external, deliberate or accidental. By means of this ISMS we will strive to:
The objectives of Information Security are:
KX shall align with ISO / IEC 27001:2022 as a base security standard and as required by our customers, extend to other security standards such as ISO 27017, ISO 27018 and SOC2 Type II. The Organization shall establish an information security governance, risk and compliance (GRC) to effectively and efficiently manage the ISMS. The organization shall:
The KX Information Security and GRC Teams hold direct responsibility for maintaining this Information Security Policy and providing guidance on its implementation as well as encouraging personal commitment of all staff to conform to the policy requirements.
All personnel under the scope of the ISMS must adhere to this Information Security Policy. Failure to do so can result in disciplinary actions including termination of employment or contract and prosecution in accordance with the applicable federal, state and local laws.
The scope of this policy and our ISMS is all of KX.
This Information Security Policy is supported by security commitments defined in our Technical and Operational Measures (TOMS)
Approved by: SVP of Compliance
Date: June 12, 2024