Skip to main content

Security standards

Kisi holds two crucial company certifications—ISO 27001 and SOC 2—showcasing its dedication to strong information security measures. Additionally, Kisi adheres to rigorous data protection compliances, including GDPR, CCPA, and NDAA, ensuring the highest level of privacy and security for its users' data.

ISO 27001

Kisi is ISO 27001 certified. The ISO 27001 standard is a globally recognized information security standard developed and maintained by the International Organization for Standardization (ISO) and provides the specification for an information security management system or ISMS.

Organizations using an ISMS, especially one that conforms to ISO 27001, can ensure compliance with a host of laws, including the high-profile GDPR general data protection regulation and the network and information systems regulations, or MIS regulations.

The ISO 27001 standard is the centerpiece of the ISO 27000 series, a set of multiple information security standards that together form a widely recognized framework for managing information security best practices. These standards provide a framework of specifications, codes of conduct, and best practices for securing information assets.

In order to achieve this certification, Kisi's compliance was validated by an independent auditor.

Benefits of being ISO 27001 certified

  1. Secure information: ISO 27001 helps protect all forms of information whether digital, paper-based or stored in the cloud.
  2. Increased cyber attacks resilience: Detect and reduce cyber threats early. Kisi is conducting penetration tests at least once per year, as part of ISO 27001.
  3. Protecting the confidentiality, integrity and availability of the data: ISO 27001 helps to ensure that the information is
    • Confidential: Not available or disclosed to unauthorized people entities or processes.
    • Whole: Complete and accurate, and protected from corruption.
    • Available: Accessible and usable as and when authorized users require it.
  4. Compliance with business, legal, contractual and regulatory requirements: ISO 27001 certification is also in line with rigid regulatory requirements such as the GDPR (General Data Protection Regulation), the NIS Directive (Directive on security of network and information systems) and other cyber security laws.

For more information, please check our guide on ISO 27001 Compliance.


Kisi is SOC 2 certified. SOC 2 (System and Organization Controls 2) is a globally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). This certification is a formal evaluation and attestation of Kisi's controls over the security, availability, processing integrity, confidentiality, and privacy of customer data.

Benefits of being SOC 2 certified

  1. Security controls: Comprehensive assessment of security controls.
  2. Trust and assurance: Provides trust and assurance to customers.
  3. Compliance framework: Meets regulatory and industry compliance.
  4. Data protection: Demonstrates commitment to protecting customer data.
  5. Independent auditing: Conducted by certified third-party auditors.
  6. Risk management: Evaluates and mitigates security risks.
  7. Continuous improvement: Promotes ongoing enhancement of security practices.
  8. Transparent reporting: Detailed reports on control effectiveness.

UL certification and compliance

The requirement of a UL certification generally relates to egress. Since Kisi does not typically control egress in relation to your access control system, UL certification is not necessary for the parts Kisi manufactures. However, Kisi is typically used with UL listed parts such as power supplies or locks.

Motion sensors and/or request-to-exit buttons are typically wired in-series with the lock, thus bypassing the Kisi system when people exit a building that utilizes fail-safe locks. For those buildings using fail-secure locks, egress is accomplished by using either the door handle or a push bar. If you have motion sensors or request-to-exit buttons, your installer can provide the UL certification for the device(s) installed.

  • If you do have Kisi set up to control egress, the UL listing for power to the Kisi controller can be found here.
  • If you are using your own Power over Ethernet (PoE) enabled switch, the Kisi reader's UL certification for power can be found on your switch's datasheets. If you are using a Kisi provided PoE injector, there is no UL certification.
  • If you need UL certification for the PoE injector connected to the Kisi reader, Kisi recommends this model.
  • If your installation requires UL certification from the Kisi side, Kisi offers the Altronix power supply which is UL certified.

To learn more about UL certification and compliance, please read this article.

Data protection & regulations compliance

  1. GRPR - European data protection regulation ensuring privacy rights for individuals
  2. CCPA - California data privacy law protecting consumer personal information
  3. NDAA - Defense-related procurement regulations
  4. TAA - Procurement rules for US government agencies

Kisi support and customer data security

The Kisi Support team is here to help and is committed to providing the best support experience possible. To ensure that we’re able to provide a high quality of service and minimize the impact during the support experience, we may access your data as necessary to provide support as described in our Privacy Policy and Terms of Service or other agreements between you and Kisi covering your use of our service.

By submitting a request to Support, you consent to Kisi accessing your customer data to provide such support.

All of our Support staff are covered under signed non-disclosure agreements and undergo extensive background checks. Only trusted individuals are permitted to access your data, and we go to great lengths to protect the privacy of the data you’ve entrusted to us.

If you have questions or concerns about the handling of your data, please let us know. The security and privacy of your data is our paramount concern.