Kingdee Cloud Stellar Trust Center - Business Management Software - ERP Software System - Integrated Purchase-Sales-Inventory and Financial Management Software

Trust Center

Provides a trustworthy, secure, and reliable platform for

enterprise services

How We Earn Your Trust?

Threats from both external and internal sources could cause severe impacts on your business running on
Kingdee's cloud services, We have implemented comprehensive measures to safeguard it.

How We Protect The System?

How We Protect Your Data?

How The Service
Is Protected On
The Cloud?

Kingdee’s cloud service runs in a secure
environment with multiple security protection
measures implemented to prevent intentional
or unintentional intrusions.

What we have done to protect
your Assets?

Security

Compliance

Security and Privacy Certification

Privacy

Privacy Statement for Cloud Stellar

How The Security
Responsibility ls
Shared?

Kingdee offers SaaS leveraging the infrastructure and
platforms supplied public CSPs. In our shared-
responsibility model, the security responsibility are
allocated among the customer, Kingdee, and CSPs.

Recognized for Excellence,
Built on Strength

Fully complies with standards and regulations and is reviewed
by third parties.

Network Security Level
Protection (Level 3)

CMMI 5

ISO 27001

CSA STAR

How To Report A
Security lssue?

If you find or encounter any possible security
vulnerability in Kingdee's products or services,
please notify Kingdee product security team.

Email:

psirt@kingdee.com

Information that could help us locate, identify or mitigate vulnerability such as requests with injection, screenshots of pop-out, prove-of-concept code, etc.

Your email will be confirmed as received within 24 hours and it may take a few days to verify the reported vulnerability. We will contact you through the sender’s email address if further communication or inform action is required.

Frequently Asked Questions

How access privilege is controlled by Kingdee's products?

Kingdee uses an access control model based on RBAC (Role-Based Access Control), which defines different user permissions through roles. The model supports data access permission control at different granularities, such as the functional, field, and data levels.

Kingdee supports the access management strategy of separating the system administrator, security administrator, and audit administrator roles.

Is the cloud infrastructure provided by Kingdee Cloud secure enough?

Kingdee’s public cloud utilizes renowned CSPs, which offer a complete security and privacy protection system, have obtained recognized security certifications (such as ISO27001, ISO27701, and CSA-STAR), and regularly receive SOC 2 attestation reports from third-party external audits.

How does Kingdee Cloud ensure the security of my data on the cloud?

Kingdee attaches great importance to your data assets and takes data protection as the core of its security strategy. Only authorized users can access the data, and data access permissions can be managed at different granularities, such as the functional, field, and data levels. For sensitive business data, Kingdee supports encryption using different encryption algorithms, such as common security encryption algorithms like Advanced Encryption Standard (AES)

Do note that Kingdee is only the custodian for the content data generated when you use cloud services; you have ownership and control over it. You are responsible for specific data security configurations and must therefore effectively ensure its confidentiality, integrity, and availability, as well as the authentication and authorization of data access.

If I am a multinational enterprise, how can I ensure compliance with privacy laws such as the EU's General Data Protection Regulation (GDPR)?

When using Kingdee cloud services, you should request Kingdee to configure cross-border security settings, which include encrypted data storage, data masking for display, encrypted transmission, etc. Your domestic branches and the foreign headquarters should sign EU-recognized SCCs. To mitigate risks, establish a security and privacy management system in accordance with the local regulation’s requirements, deploy cloud services locally, and de-identify personal information before transferring it to the foreign headquarters.