To ensure we are acting as trusted stewards of our customers' information, Kyruus invested in and achieved a SOC 2 Type 2 Certification. We continue the investment in our Security, Availability and Confidentiality controls through a yearly SOC 2 Audit. The audit is a review of our governance of any/all changes to the Production environment and data. The designation of customer authorized contacts is part of this governance process to ensure customer specific Production changes are approved by a designated customer contact prior to being made by a Kyruus Team member.
Types of Authorized Contacts & Approvers
Kyruus’ change management system requires each customer to determine Authorized Approvers. There are three tiers of Authorized Approvers with differing level of access. The tiers are:
a. Authorized User Account Approver: (lowest level of approval) These individuals are authorized to request new user accounts and changes to individual users' access.
b. Authorized Change Approver: (second level of approval) In addition to the approvals granted to the Authorized User Account Approver roles, these individuals are authorized to request changes to the application's config, feature set, data sources and business rules. Changes to roles or permissions impacting multiple users will also go through these authorizers.
c. Authorized Account Owner: (highest level of approval) In addition to the approvals granted to the Authorized Change Approver role, these users are authorized to designate new Authorized Change Approvers and User Account Approvers and can also perform all the actions designated for those roles. These users will also have access to view all tickets for their organization within Kyruus’ support ticketing system.
* All authorized contacts will be leveraged for customer communications, such as Net Promoter Score surveys, Quarterly Product Highlights, and notifications of new releases or platform changes.