Security

Automation Street (a product of Kosansh Solutions Inc) takes the protection of client data seriously. The following describes our current security practices, provided for informational purposes and to assist clients and prospects conducting vendor due diligence.

Data protection in transit and at rest: All data transmitted between client systems, Automation Street personnel, and our platforms is encrypted using TLS 1.3. Data stored on Automation Street-operated systems is encrypted at rest using AES-256. We do not store client production data beyond the period required for active engagement delivery unless specifically contracted to do so.

Access controls: Production system access is governed by a least-privilege model. All access to client environments requires multi-factor authentication. Access credentials are issued per-engagement and revoked promptly upon engagement close or personnel change.

Third-party and subprocessor management: We maintain a list of approved subprocessors and review our use of cloud infrastructure providers, authentication platforms, and collaboration tools on a regular basis. Subprocessors handling PHI for healthcare engagements are subject to executed Business Associate Agreements (BAAs).

Vulnerability management: We apply security updates to our web properties and internal systems on a regular basis and aim to remediate critical findings promptly. We accept security vulnerability reports via our contact form with "Security disclosure" in the subject line.

Incident response: In the event of a confirmed data incident affecting client information, we will notify affected clients promptly and work with them on remediation steps, consistent with applicable law and contractual obligations.

Security questionnaires: We respond to client security questionnaires and vendor assessment requests. Use the contact form and note "Security questionnaire" in your message. We target a five business day turnaround for standard questionnaires and ten business days for extended assessments.

Physical security: Our practitioners work in client facilities, remote environments, and a small number of dedicated office spaces. Laptops are encrypted and screen locks are enforced on all personnel devices used for client work.