Skip to main content

Security

How we develop, deliver and manage mission critical solutions

KONGSBERG has a long tradition for delivering mission critical solutions. We have our roots in the defence industry, the high-tech industrial environments of the maritime sector and the oil and gas industry.

This tradition complements our culture and mindset where we are committed to the development and delivery of secure and reliable solutions for our customers.

We understand that keeping both data and services secure is essential to your business. Delivering secure services is a continuous and highly complex activity. We take care of this complexity for you.  

Kongsberg uses third party data centres which are audited for compliance with ISO 27001 and ISO27018 standards on a yearly basis.

Our layered security approach consists of physical security, Edge hardware, data communications ,secure development, monitoring and administrative controls. It covers infrastructure and devices on both the edge and in the cloud. 

Physical security and data location

Your data is stored in data centres which comply with the relevant regulations and have industry-standard physical protection measures in place.

  • Environmental control
  • Redundant power supply
  • 24/7 surveillance of premises
  • Monitoring and traceability of physical access to premises

Kognifai supports multiple data locations. The exact location on where your data is stored depends on your specific case and requirements.

For customer’s subject to European legislation your personal data will always be stored in Europe.

Edge hardware and data communications

Kongsberg Edge Hardware is responsible for capturing sensor data from your assets on the Edge. This hardware contains several security features including a unique identity to ensure the integrity of the data and detect device tampering.

Once data is captured it is encrypted and send to our data centres using our Global Secure Network. This network is marine certified by DNV-GL and Bureau Veritas

Secure development

When delivering new features, services or making changes on Kognifai we follow our Software Development LifeCycle.  This allows us to deliver high quality services and meet security requirements.

Security requirements originate from a combination of legal, industry-specific regulations and practise as well as compliance requirements. These requirements are embedded and measured throughout the services lifecycle and include:

  • Security audit and tests
  • Security scanning and testing of source code ( SAST)
  • Manual Testing
  • Penetration testing

Our services are tested to ensure resilience against threats as defined by OWASP10 and SANS25

Monitoring and event management

Services are carefully monitored. This includes the continuous scanning for cyber threats and vulnerabilities. Data analytics and Denial-of-Service prevention are some to the measures taken to ensure reliable services.

Our security operations centre (SOC), Cloud Operations and Cybersecurity specialists are key players in our approach. They are responsible for the triage, responding and learning from cyber security events.

They provide development teams with practical guidelines and updated information on how to develop secure services and enable us to act and react to keep your data secure.

Administrative controls

Our administrative controls cover the training, procedures and policies related to KONGSBERG employees and consultants. All work processes are defined in our Business Management System which is compliant with the ISO27001 standards and audited on a yearly basis.

Staff screening: All staff is screened as part of our hiring process to make sure we hire talent who fits the job and will take pride in providing world-class services to you as our customer.

Non-disclosure/ confidentiality agreements: All members of staff and consultants have signed confidentiality agreements.

Training and awareness: Knowledge and expertise are crucial tools in providing state of the art solutions. KONGSBERG provides all staff with awareness courses on topics covering cybersecurity, privacy and other relevant aspects on a continuous basis. Development and Operation staff may receive more specific training depending on their role.

Access to data: Access to your data is limited to only a few people in our cloud operations and technical support departments.