SOC 2

Kopius, established in 2017, has rapidly grown into a dominant strength in the technology and consulting landscape boasting over 600 dedicated employees, with headquarters in Seattle, Washington, and an additional location in Buenos Aires, Argentina. Kopius was formed from the strategic merger of Valence (founded in 2017), a Seattle-based digital consulting firm, and the Latin American division of Tradehelm (founded in 2008), a Chicago-based technology services enterprise. Both predecessor firms were part of The Acacia Group, specialist investors in digital transformation businesses. Acacia endorsed the formation of Kopius in response to escalating client demand for end-to-end digital consulting capabilities supporting a flexible product development and resourcing approach.

Kopius helps build customer-led digital products, empowered by technology, data & AI. We are committed to driving customer innovation and harness the power of people, data, and emerging tech. Our end-to-end capabilities span strategy, design, development, and support to elevate businesses to the next level. Our services are threefold: we help launch Digital Products to modernize experiences, Custom Business Applications that streamline workflows, and Data & AI solutions that fuel actionable insights enabling future business moves.

The inception of Kopius advances the combined organization’s value proposition to its commercial and public sector clients. Kopius integrates a proficient team from the U.S. and Latin America, equipped to tackle intricate challenges swiftly and efficiently across the spectrum of digital technologies crucial for successful enterprise transformation. Presently, Kopius supports nearly 100 U.S. commercial and public sector clients and has an impressive 96% client retention rate. Earning and keeping the trust of our customers is our top priority, and we hold ourselves to the highest security standards. As such, we consider security to be a core function of our business.

SOC 2 Compliance

SOC 2 examination reports provide assurance of controls at service organizations relevant to system and data security.  The reports are commonly used by service and software providers to demonstrate the security of their service(s) to customers, without the customers having to engage in costly audits with the service provider directly.

To demonstrate our commitment to security, Kopius engages a third-party auditor to produce annual independent SOC 2 examination reports that includes a review of controls relevant to the Security of our systems and services.

Customers and prospects who have signed nondisclosure agreements may request a copy of our most recent audit report through your Technical Account Manager.

Security Controls at Kopius

Data Encryption

At Kopius, safeguarding client data is our top priority. To achieve this, we utilize encryption methodologies that align with industry best practices. Both during data transit and when it’s stored, we employ encryption techniques to make sure that the data remains confidential and is resistant to tampering. By doing this, we can confidently say that even if data is intercepted during transmission, it would be unreadable and secure from potential threats.

Organizational and information security

At Kopius, we value the security of our organization and the information we handle. In line with local regulations, we do a thorough check on our new team members. Every year, we all take part in a refresher on security best practices, diving into important topics like keeping our data private and managing passwords. Additionally, our employee workstations have built-in safety to enforce full-disk encryption, strong passwords, and automatic locking.

Multi-Factor Authentication (MFA)

To further bolster data access security, Kopius has adopted multi-factor authentication across all production systems. By employing this layered security approach, we can ensure that sensitive data remains accessible only to verified individuals, thereby substantially reducing the chances of unauthorized access.

Vulnerability Management

At Kopius, we believe in proactive defense. Our routine vulnerability assessments, which are systematically scheduled, help us spot and fix potential weaknesses in our infrastructure. Our trained infrastructure and support team is continuously reviewing the findings of those assessments to ensure vulnerabilities are remediated in a timely manner. 

Incident Management

While we always aim for smooth operations, we’re also prepared for the unexpected. If a security incident occurs, our trained Incident Response Team (IRT) immediately steps in. They’re skilled at quickly identifying, isolating, and mitigating threats to ensure minimal disruption. Regular training ensures that IRT can adapt and respond efficiently to emerging security scenarios.

Backup & Recovery

Understanding the importance of data integrity and business continuity, Kopius maintains regular backups in geographically dispersed locations. Should any unforeseen data issue arise, our recovery processes are robust and poised to restore data integrity swiftly. We encourage our clients to discuss their specific data resilience needs with their Project Lead.

Client Data Handling Protocol

Trust is the foundation of our client relationships. Kopius has stringent data handling and retention protocols in place. Client data is always treated with the utmost respect and is only utilized for agreed-upon purposes. Once our contractual commitments are met, we ensure data is either safely returned or deleted, maintaining client trust.

Dedicated Compliance Team

Navigating the global compliance landscape requires expertise, and Kopius is proud to have a specialized team for just that. They ensure we don’t just meet but often surpass regulatory benchmarks. Given the ever-changing regulatory environment, this team stays on their toes, regularly training staff, updating them on essential changes, and interacting with regulatory entities. Their forward-thinking approach and dedication make sure that Kopius is always in line with compliance standards, solidifying our reputation as a trusted and compliant business partner.