
How Kanda Software Got ISO 27001 Recertified in a Month Without Compromising Quality


Kanda is a trusted software product engineering, AI, Machine Learning, Cloud, and DevOps partner for every phase of the software development lifecycle, with over 30 years of experience and expertise. They serve a variety of industries including healthcare, life sciences, education, real estate, aviation, non-profit, and ISVs. The company brings a team of 850+ engineers, BAs, product managers, DevOps and AI experts across Central Europe, Asia, Latin America and the US, with US-based leadership accountable for day-to-day quality and client communication.

Trusted by Fortune 500 companies including Johnson and Johnson, Thermo Fisher Scientific, Alphabet, AstraZeneca and many others, Kanda treats the security of customer data and intellectual property as a foundational commitment, not an afterthought.

A Global Team With a Lot to Protect

With delivery teams spread across multiple continents, Kanda Software's delivery timeline and engagement model function with minimal setbacks only when clients have full faith in the security posture of the infrastructure.

For software companies, certification is the starting point of that trust. Given ISO's global reputation, Kanda has maintained ISO 27001 certification for the past five years to keep that client trust in place.

Alex Koifman, Director of IT and Security at Kanda, has been with the company for over ten years. He oversees everything from endpoint management with Microsoft Intune and Microsoft Defender 365 to security training for every new hire.


The Challenge: When Clients Don't Just Take Your Word for It 

Given the stringent and rigorous regulatory environment of the organizations the company serves, failproof security is non-negotiable for these clients. For them, a certificate alone is not sufficient proof of good security practices: they check disk encryption, VPN configurations, antivirus standards, and multi-factor authentication before granting full access to their systems.

Koifman recalls a defining moment: an early client raised concerns about a perceived security gap, an experience that became the catalyst for how Kanda thinks about compliance today.

The recertification cycle also demanded real rigor across a distributed workforce. Onboarding and offboarding staff located across multiple countries and time zones creates constant security operations pressure, since every new contractor and employee requires security tooling, training, and access controls.

The Solution: Human Judgment Over Automation

When Kanda evaluated audit providers for its most recent recertification, Prescient Security stood out on merit. With a plethora of options in the market, the team prioritized quality throughout the evaluation process.

Kanda preferred the traditional audit route over GRC automation platforms. The rationale behind this decision was the need for human judgment over automated tools. "We wanted a human being to go over what we have as far as security," noted Koifman. "We didn't want to delegate this to a tool."

Prescient Security conducted the audit with that expectation in mind. The process was thorough and demanding, but never arbitrary. Whenever our experts detected gaps, they were clearly marked and described. Where controls were in place, the team gave credit. Koifman described the auditors as "firm but flexible," noting that common sense guided the engagement when edge cases came up.

Kanda's internal expertise in tooling and configuration, paired with Rhymetec's strategic compliance layer, worked in harmony all the way to the recertification finish line.

The full recertification, from engagement to certification, was completed in approximately one month.

The Results: Certified, Credible, and Back in the Room

  • ISO 27001 recertification completed in approximately one month
  • Security posture satisfies active due diligence from regulated clients and financial institutions
  • ISO 27001 certification is a prerequisite for all new client engagements, enabling Kanda to compete for and expand projects across regulated industries

Clients in regulated industries will stall approval of even small projects if the vendor fails to demonstrate that its security practices are more than just policies on paper. ISO 27001 certification got Kanda through the door and kept them in the room.

Koifman noted that certification shows its value in the long run. Clients no longer ask whether you are certified; they verify that controls, encryption, MFA, and endpoint protection are actually in place before connecting you to their infrastructure. Certification signals the starting point. The culture behind the certification closes the deal.

Want to achieve similar results and simplify your compliance journey? Click here to connect with our experts and get a personalized consultation.