IT and Compliance FAQ

This document answers frequently asked questions about compliance and information security topics related to the Kelvin Legal Data OS. If you have additional questions, please contact us by email.

No. While we can provide SaaS services, we encourage organizations to deploy Kelvin on-premises or in their own private or hybrid cloud. Given the nature of information security requirements in the legal industry, we strongly recommend that organizations deploy Kelvin in their own control environment.

2. Is Kelvin a single-tenant or multi-tenant solution?

Most organizations license Kelvin and deploy it on their own infrastructure. As such, most organizations use Kelvin as a single-tenant solution. In circumstances where we provide a SaaS or cloud solution, we can provide either a single-tenant or multi-tenant solution depending on the organization's needs.

3. Which cloud providers does Kelvin support?

For customers who want to deploy Kelvin on their own cloud infrastructure or use our SaaS solution, we support deployments on Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Pricing may vary depending on the cloud provider and the modules and features licensed.

4. Which deployment technologies does Kelvin support?

Kelvin is built on a modern, containerized architecture. We primarily deploy via Docker and can support deployments on Kubernetes, vSphere, or other modern container orchestration platforms.

5. Which operating systems does Kelvin support?

As Kelvin is built on a modern, containerized architecture, we can support deployments on any Windows, Linux, or Mac environment that supports recent Docker Engine versions. For large-scale deployments, we recommend using Linux-based operating systems.

6. Does Kelvin support high-availability or scalable deployments?

Yes. Most Kelvin services are stateless and can be scaled horizontally to support high-availability and scalable deployments. All stateful services are built on RDBMS solutions like Postgres and SQL Server that support high-availability and scalable deployments. Many use cases can also be deployed via Kubernetes.

7. Does Kelvin support hybrid cloud deployments?

Yes. We can support hybrid cloud deployments where some services are deployed on-premises and others are deployed in the cloud. We can also support hybrid cloud deployments where some services are deployed on one cloud provider and others are deployed on another cloud provider.

8. Which languages does Kelvin support?

While Kelvin is primarily written in Python 3.10+ and Kelvin's libraries can be directly imported into Python projects, most Kelvin functionality is exposed via REST APIs through OpenAPI 3.0 schemas. As such, Kelvin can be used with any programming language that supports REST APIs, and OpenAPI-generated bindings are available for over 40 languages including C#, Java, and JavaScript.

9. Which databases does Kelvin support?

Kelvin's stateful components are currently tested on Postgres and SQL Server. For arbitrary data retrieval and storage, Kelvin supports any database that ODBC or Python 3.10 libraries support.

10. Is there documentation for Kelvin’s Python libraries?

Yes. Kelvin's Python libraries are documented using Sphinx and documentation is available to all licensed users.

11. Is there documentation for Kelvin’s REST APIs?

Yes. Kelvin's REST APIs are documented using OpenAPI 3.0 schemas and documentation is available to all licensed users via Swagger UI and Redoc pages.

12. Do you have a vulnerability management and reporting program?

We have a formal vulnerability management program using automated vulnerability scans and penetration tests to target zero-CVE distributions. Because we utilize modern container orchestration technologies, we can produce container-level Software Bills of Materials (SBOMs), identify vulnerabilities, and patch images rapidly. Licensed users can subscribe to Vulnerability Notices in VEX format.

13. How is data encrypted at rest?

Because Kelvin is primarily deployed on-premises, data is generally encrypted at rest using the organization's own encryption policies and keys. For organizations that use our SaaS deployments, we can configure data encryption at rest using the organization's own policies as supported by Amazon Web Services, Microsoft Azure, or Google Cloud Platform.

14. How is data encrypted in transit?

Because Kelvin is primarily deployed on-premises, data is generally encrypted in transit using the organization's own encryption policies. All Kelvin services, including both REST APIs and database services, can be configured to require strong TLS encryption. For organizations that use our SaaS deployments, we can configure data encryption in transit using the organization's own policies as supported by Amazon Web Services, Microsoft Azure, or Google Cloud Platform.

15. Do you have an ISO 27001 certification or SOC 2 attestation?

While we have implemented ISO 27001 controls in our policies and procedures, we do not currently have an ISO 27001 certification or SOC 2 attestation. In the meantime, we are happy to provide organizations with a copy of our policies and procedures for review or to answer any questions about our information security program.

16. How does Kelvin handle data protection laws and regulations like GDPR, UK Data Protection Act, CCPA/CPRA, or other privacy laws?

Kelvin is designed to support organizations' existing data protection practices. First, we support and recommend that organizations deploy Kelvin on their own infrastructure. This means that client data is not transmitted to us and is not stored on our infrastructure, and organizations can deploy Kelvin in any jurisdiction or domicile required. Second, all Kelvin services support strong encryption at rest and in transit. Third, Kelvin's primarily stateless architecture means that we implement data minimization by default, reducing the number of components that retain any information in memory or on disk. Fourth, Kelvin provides local large language models as an alternative to third-party services like OpenAI's GPT family, allowing organizations to use Kelvin without transmitting data to other third parties. Finally, Kelvin provides a number of features to support data protection by design and by default, including the ability to identify PII or financial information, the ability to generate synthetic data, and the ability to redact or anonymize data.