Security Overview

KM Execution System uses trusted third-party infrastructure and service providers to support hosting, database operations, authentication, email delivery, billing, monitoring, analytics, logging, and related service operations.

These providers may process limited information as needed to help KM Consulting operate, secure, maintain, and improve the Service.

Private workspaces require user authentication.

Customers are responsible for ensuring that only authorized users are invited to their workspace. Customers should promptly remove users who no longer need access.

Where user roles or permission levels are available, customers are responsible for assigning appropriate access based on each user’s responsibilities.

KM Execution System is designed to organize customer data by workspace or organization.

Access controls are used to help limit workspace data access to authorized users. Customers are responsible for configuring access appropriately and reviewing workspace membership regularly.

KM Execution System uses secure web connections for communication between users and the Service.

Customers should access the Service using modern browsers, secure networks, and protected devices.

KM Consulting limits internal access to customer information to situations where access is reasonably needed, such as:

• providing customer support
• troubleshooting product issues
• maintaining or improving the Service
• investigating security or abuse concerns
• processing billing or account requests
• complying with legal obligations
• protecting KM Consulting, customers, users, or third parties

KM Consulting may use logs and monitoring tools to help detect errors, diagnose performance issues, investigate suspicious activity, protect the Service, and improve reliability.

Logs may include technical information such as IP address, browser type, device type, timestamps, pages or features accessed, error messages, and related system activity.

KM Consulting may use infrastructure-provider backup, redundancy, and recovery capabilities as part of service operations.

Backups and recovery processes are intended to support business continuity and operational resilience, but they are not a substitute for customers maintaining their own records where needed.

Customers are responsible for exporting or retaining copies of important business information when required by their internal policies, contracts, regulations, or operational needs.

KM Execution System is intended for project management, task management, execution tracking, risk and issue tracking, reporting, and related business coordination.

Unless KM Consulting agrees in writing, customers should not use the Service to store highly sensitive or specially regulated information, including:

• protected health information
• payment card data
• government classified information
• export-controlled technical data
• highly sensitive personal information
• sensitive legal evidence
• records requiring special chain-of-custody controls
• safety-critical approval records

Customers are responsible for determining whether the Service is appropriate for the type of information they choose to enter.

Customers and users are responsible for:

• using strong passwords
• protecting login credentials
• keeping devices and browsers secure
• inviting only authorized users
• removing users who leave the organization
• reviewing workspace access periodically
• avoiding unnecessary sensitive data entry
• maintaining their own internal records when required
• reporting suspected unauthorized access promptly

If KM Consulting becomes aware of a security incident involving customer information, KM Consulting will review the incident and provide notices when required by applicable law or contractual obligation.

Security concerns may be reported to info@consultingkm.org.

Please include a clear description of the concern, relevant account or workspace details, and steps to reproduce the issue if safe to provide.

No online service can be guaranteed to be completely secure or uninterrupted. KM Consulting works to reduce risk through reasonable safeguards, but does not guarantee that unauthorized access, data loss, misuse, disclosure, or service disruption will never occur.