Security Practices

How KWALL protects your digital assets and data

Last updated: April 2, 2026


Overview

KWALL LLC (“KWALL”) is committed to maintaining the highest standards of security across all client projects. As a digital agency serving higher education, nonprofit, and enterprise organizations, we understand the critical importance of protecting sensitive data and maintaining secure digital infrastructure. This page outlines the security practices we employ to safeguard your websites, applications, and data.


Infrastructure Security

KWALL leverages enterprise-grade hosting platforms to ensure robust infrastructure security:

  • Pantheon hosting platform: Our primary hosting partner provides containerized runtime environments, automated failover, and geographically distributed infrastructure with SOC 2 Type II certification.
  • SSL/TLS encryption: All sites are served over HTTPS using modern TLS protocol versions, ensuring encrypted communication between users and servers.
  • HSTS enforcement: HTTP Strict Transport Security headers are implemented to prevent protocol downgrade attacks and cookie hijacking.
  • CDN and WAF: Content delivery networks and web application firewalls provide DDoS protection, traffic filtering, and edge-level security.
  • Network isolation: Development, staging, and production environments are isolated to prevent cross-contamination.

Application Security

KWALL follows industry best practices for application-level security across WordPress and Drupal platforms:

  • CMS security best practices: We follow WordPress and Drupal security hardening guidelines, including disabling XML-RPC where appropriate, limiting login attempts, and implementing security headers.
  • Plugin and module vetting: All third-party plugins and modules undergo security review before installation, with preference given to actively maintained projects with strong security track records.
  • Regular updates: We maintain a proactive update schedule for CMS core, plugins, modules, and themes to ensure known vulnerabilities are patched promptly.
  • Code review: Custom code undergoes peer review with attention to OWASP Top 10 vulnerabilities, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
  • Input validation and sanitization: All user inputs are validated and sanitized to prevent injection attacks.

Data Protection

  • Encryption at rest and in transit: All data is encrypted using industry-standard encryption both during transmission (TLS 1.2+) and at rest (AES-256).
  • Access controls: Role-based access control (RBAC) ensures users have access only to the resources necessary for their function.
  • Least privilege principle: All system accounts and service credentials follow the principle of least privilege, granting only the minimum permissions required.
  • Backup and recovery: Automated daily backups with point-in-time recovery capabilities ensure data can be restored in the event of loss or corruption.

Monitoring and Detection

  • Uptime monitoring: 24/7 uptime monitoring with automated alerts ensures rapid response to availability issues.
  • Security scanning: Regular automated security scans identify vulnerabilities, malware, and configuration issues.
  • Log management: Centralized logging and monitoring of access patterns help detect and investigate suspicious activity.
  • Incident response: Established incident response procedures ensure rapid containment and remediation of security events.

Compliance

KWALL maintains awareness of and alignment with relevant compliance frameworks:

  • FERPA awareness: For our higher education clients, we implement practices that support compliance with the Family Educational Rights and Privacy Act, including appropriate data handling and access controls for student information.
  • ADA/Section 508 compliance: All websites are built to meet WCAG 2.1 Level AA accessibility standards, supporting compliance with the Americans with Disabilities Act and Section 508 of the Rehabilitation Act.
  • SOC 2 alignment: Our internal practices align with SOC 2 Trust Service Criteria, covering security, availability, processing integrity, confidentiality, and privacy.

Vulnerability Management

  • Regular patching: Security patches are applied promptly, with critical vulnerabilities addressed within 24-48 hours of disclosure.
  • Responsible disclosure: We maintain a responsible disclosure program. Security researchers who discover vulnerabilities are encouraged to report them to security@kwallcompany.com. We commit to acknowledging reports within 48 hours and working collaboratively toward resolution.
  • Dependency monitoring: Automated tools monitor third-party dependencies for known vulnerabilities.

Client Responsibilities

Security is a shared responsibility. We ask our clients to:

  • Use strong, unique passwords for all CMS accounts and enable multi-factor authentication.
  • Manage user access carefully, removing accounts for departed staff promptly.
  • Keep content up to date and avoid publishing sensitive information unnecessarily.
  • Report any suspected security issues to KWALL immediately.
  • Follow KWALL’s recommendations for security configurations and updates.

Incident Response

In the event of a security incident, KWALL follows a structured response process:

  • Notification: Affected clients are notified promptly upon confirmation of a security incident that impacts their data or services.
  • Containment: Immediate steps are taken to contain the incident and prevent further damage or data exposure.
  • Remediation: Root cause analysis is performed, and corrective measures are implemented to prevent recurrence.
  • Post-incident review: A thorough review is conducted after each incident, with findings documented and shared with affected parties as appropriate.

AI Security

As KWALL integrates AI-powered services into our offerings, we maintain strict security standards for these technologies:

  • Data handling: Client data processed through AI services is handled in accordance with our data protection policies and applicable privacy regulations.
  • No unauthorized training: Client data is never used to train AI models without explicit written consent from the client.
  • API security: All AI service integrations use encrypted API connections with proper authentication, rate limiting, and access controls.
  • Vendor assessment: AI service providers undergo security assessment before integration into client projects.

For security inquiries or to report a vulnerability, please contact us at security@kwallcompany.com.