Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to Ontrack's Trust Center.

There is no room for missteps when it comes to security.

Given the nature of our business, we are entrusted with large amounts of sensitive and confidential information by our clients and understand that security is increasingly imperative for today’s corporations. We invest significant time and money to protect your most sensitive ESI.

Compliance

ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
SOC 2 Type 2 Logo
SOC 2 Type 2
SOC 2 Logo
SOC 2
FISMA Moderate Logo
FISMA Moderate
NIST 800-171 Rev. 2 Logo
NIST 800-171 Rev. 2
FSQS Logo
FSQS
GDPR Logo
GDPR
TISAX Logo
TISAX
HIPAA Logo
HIPAA
HITECH Logo
HITECH
PCI DSS v4.0.0 Logo
PCI DSS v4.0.0
EU-US DPF Logo
EU-US DPF
Swiss-US DPF Logo
Swiss-US DPF

Documents

REPORTSData Flow Diagram (DFD)
REPORTSDFARS Attestation of Compliance
REPORTSFISMA Attestation of Compliance
REPORTSGDPR Attestation of Compliance
REPORTSHIPAA-HITECH Attestation of Compliance
REPORTSISO 27050 Attestation of Compliance
REPORTSNIST 800-171 Attestation of Compliance
REPORTSOWASP Attestation of Compliance
REPORTSSecurity Position Paper
COMPLIANCEEU-US DPF
COMPLIANCEFISMA Moderate
COMPLIANCEFSQS

Self-Assessments

Other Self-Assessments

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Security Grades

SecurityScorecard
KLDiscovery
Security Scorecard A grade
Qualys SSL Labs
https://drservice-na.ontrack.com
A+
https://drservice-client-api-na.ontrack.com
A+
https://drservice-emea.ontrack.com
A+

Reports

Data Flow Diagram (DFD)
DFARS Attestation of Compliance
FISMA Attestation of Compliance
View more

Product Security

Partners
Terms of Use

Access Control

Bring Your Own Device (BYOD)
Logging
Password Security

Infrastructure

BC/DR
Data Center

Data Security

Data Classification
Physical Security

App Security

Application Penetration Testing
Credential Management
Software Development Lifecycle
View more

Network Security

Data Loss Prevention
Firewall
Network Penetration Testing
View more

Endpoint Security

Disk Encryption
Mobile Device Management

Corporate Security

We implement internal measures and practices to maintain a high standard of security.

Continuous Monitoring

Data Loss Prevention System (DLP)
Event & Audit Log Management
Security Information & Event Management (SIEM)
View more

ESG

Anti-Bribery and Corruption
Anti-Modern Slavery
Code of Ethics
View more

Training

Employee Privacy Training
Security Awareness Training

Asset Management

Asset Inventories (Hardware/Software)
Asset Tracking
IT Asset Management (ITAM) Program
View more

Legal

Customer Audit Rights
Cyber Insurance
Privacy Policy
View more

Data Privacy

Cookies
Data Breach Notifications
Data Privacy Officer

Change Management

Change Advisory Board (CAB)
Change Management Program
Configuration Management Program

Physical & Environment

Physical Access Security
Visitor Control

BC/DR

Business Continuity Plan (BCP)
Data Backup/Backup Protection
Disaster Recovery Plan (DRP)

Risk Profile

We have secure, reliable hosting that customers can depend on. We are happy to provide details about our risk mitigation practices and recovery objectives upon request.

AI

We take the usage of AI seriously in our organization and work to ensure security and reliability of the AI.

Incident Response

We have a dedicated team that responds to security incidents. We are happy to provide more details about our incident response practices upon request.

Risk Management

We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.

Trust Center Updates

Cisco Catalyst SD-WAN Controller Authentication Bypass CVE-2026-20127 February 2026

Copy link
Vulnerabilities

We do not use Cisco for SD Wan and we do not utilize Cisco hardware, therefore, KLDiscovery is not affected by this vulnerability.

KLDiscovery SOC 2 Type II Report Now Available

Copy link
Compliance

KLDiscovery's annual SOC 2 Type II report for 2024-2025 is now available via KLDiscovery's Trust Center at https://trust.kldiscovery.com/?product=ontrack&itemUid=fa950d02-cbb3-4010-b917-7137a7c2a982&source=click

Please reach out to your primary KLDiscovery contact if you have any questions.

Vulnerabilities and Exposures events as CVE-2025-55182

Copy link
Vulnerabilities

KLDiscovery does not use the React Server. Concerning this, KLDiscovery is not affected by this vulnerability.

F5 Vulnerabilities and Exposures: CVE-2025 - 53868F5, CVE – 2025 – 57780 and CVE – 2025 – 61955

Copy link
Vulnerabilities

KLDiscovery does not own any of the affected products from F5 Networks, therefore no action has been taken outside of validating the fact that our product stack is not affected.
We do utilize NGINX as our on-premises load balancers – this product is owned by F5 but is not affected by this vulnerability.

Vulnerabilities and Exposures events as Oracle CVE-2025-61884, Oracle CVE-2025-61882

Copy link
Vulnerabilities

KLDiscovery is not affected by these vulnerabilities.

If you think you may have discovered a vulnerability, please send us a note.
Report issue
Built onSafeBase by Drata Logo