Security at Kwata Team
Security isn't an afterthought—it's the foundation of everything we build. Our PESNO framework ensures that Privacy, Ethics & Integrity, Security, Network Isolation (NIS2), and OWASP standards are embedded in every line of code and every system we deploy.
The PESNO Security Framework
PESNO is not just a checklist—it's a mindset. Before every action, we ask: "Does this follow PESNO principles?"
Privacy
Your data is protected by design
Privacy
Your data is protected by design
Ethics & Integrity
Transparent, honest, and trustworthy practices
Ethics & Integrity
Transparent, honest, and trustworthy practices
Security
Enterprise-grade protection
Security
Enterprise-grade protection
Network Isolation (NIS)
NIS2-aligned infrastructure
Network Isolation (NIS)
NIS2-aligned infrastructure
OWASP
Industry security standards
OWASP
Industry security standards
Security by Design
Security is foundational, not optional. These principles guide every decision we make.
Zero Trust Architecture
We never trust, always verify. Even internal services are authenticated and authorized.
Defense in Depth
Multiple layers of security controls ensure that if one fails, others protect your data.
Principle of Least Privilege
Systems and users only have the minimum access necessary to perform their functions.
Fail Securely
When systems fail, they default to a secure state rather than exposing data.
Continuous Monitoring
We continuously monitor for threats and respond to incidents within hours.
Regular Updates
Security patches applied within 48 hours for critical vulnerabilities.
Frameworks We Align With
We use precise language about where we stand. Kwata Team is built to the SOC 2 Trust Services Criteria and our internal PESNO standard, and is aligned with the privacy laws below. A formal third-party SOC 2 attestation and ISO 27001 certification are on our roadmap — we will say we hold them only once we do.
Privacy — aligned
- PIPEDA (Canadian federal privacy law)
- Alberta PIPA (provincial privacy law)
- CASL (consent & unsubscribe in every email)
Security — built to
- AES-256 encryption at rest
- TLS 1.2+/1.3 in transit
- SOC 2 Trust Services Criteria (aligned)
- OWASP Top 10 secure-coding practices
On our roadmap
- SOC 2 Type II attestation (accredited auditor)
- ISO/IEC 27001 certification
Hosting & payments
- Your data is never used to train AI and never sold
- Payments handled by PCI-DSS-compliant processors — card data never touches our servers
Report a Security Issue
If you discover a security vulnerability, please report it responsibly:
- Email: security@kwatateam.com
- Response Time: Within 24 hours