Moving sustainability accounting and reporting to Klappir builds a shared responsibility model between customers and Klappir. Klappir operates, manages, and controls the digital platform for sustainability, while our customers use the solution and get the benefits of the platform. The Klappir Digital Platform for Sustainability user framework describes the key concepts, design principles, and architectural best practices for running sustainability workloads in the cloud. By answering a set of foundational questions, our customers learn how well the platform aligns with their practices and are provided guidance for making sustainability improvements.
Control environment
Klappir is committed to protecting its customers' data and maintaining compliance with applicable regulatory requirements. Klappir terms and conditions outline the required guidance for operation and information security that supports Klappir environments, acceptable use of devices, and access to data content.
Klappir maintains a formal risk management program to continually discover, research, evaluate, plan, resolve, and optimize information security risks that impact Klappir business objectives, regulatory requirements, and customers. Risk treatment options may include acceptance, avoidance, mitigation, and transfer.
Communications
Klappir has implemented various methods of internal communication at a global level to help employees understand their individual roles and responsibilities and to communicate significant events in a timely manner.
Changes to Material Subcontractor
Klappir defines “Material Subcontractor” as an unaffiliated subcontractor performing a material portion of the web services Klappir generally makes available to its customers, and whose failure to perform that material portion of the web services would have a material adverse effect on Klappir's continued operation of such web services in accordance with the Klappir Customer Agreement.
Monitoring
Klappir utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. Klappir defines a Security Incident as a security-related adverse event in which there was a loss of data confidentiality, disruption of data or systems integrity, or disruption or denial of availability. Klappir monitoring tools are implemented to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.
Jurisdiction and Data Storage, Processing and Backup Locations
Klappir, headquartered in Reykjavík, Iceland, offers regions where data centers are located through its service provider, Amazon. The customer may limit this configuration to a single region such as Frankfurt, so its data does not leave this region for either data storage or processing.
Client identifying Data
Klappir defines account information as information about a customer that a customer provides to Klappir in connection with the creation or administration of a customer account. For example, account information includes names, usernames, phone numbers, email addresses, and billing information associated with a customer account.
Klappir uses a number of third-party subcontractors to assist with the provision of its service, including local market-leading co-location providers. Klappir only uses subcontractors that it trusts, and it uses appropriate contractual safeguards, which Klappir monitors to ensure the required standards are maintained. Klappir creates and maintains written agreements with third parties (for example, contractors or vendors) in accordance with the work or service to be provided. Where appropriate, these agreements cover service continuity requirements (e.g., recovery time objectives, RTO) in accordance with Klappir business priorities. Klappir does not authorize subcontractors’ access to critical permissions groups. During the observation period of this report, our subcontractors were not authorized to access any customers’ content uploaded to Klappir.
In-scope services for Compliance Programs
Klappir ensures that new features meet applicable compliance requirements by maintaining a systematic approach to planning, developing, and deploying new services and features for the Klappir environment, so that the quality and security requirements are met with each release. As part of this process, security and compliance reviews are completed prior to deployment.
Contract Termination
Customers are not tied into their contracts through minimum terms or minimum commitments. Klappir customers can exercise their right to terminate their agreement for convenience at any time. If customers decide to leave Klappir, customers can manage access to their data and Klappir services and resources, including the ability to import and export data. Klappir provides import/export services to transfer large amounts of data into and out of Klappir.