Security

Security isn't a feature. It's the foundation.

Taking security and privacy seriously.

Knowa powered by PSCA serves US plan sponsors, investment committees, and the advisors who support them. Security is designed into the platform from the start. Architected, certified, and continuously audited.

Certified · Aligned · Audited

The frameworks Knowa powered by PSCA is built to.

ISO 27001 · Certified
NIST CSF · Aligned
ERISA 404(a) · Ready
US Hosted · Infrastructure
SOC 2 · Aligned

Our posture

Every organisation using Knowa expects their data to remain private and protected.

We continuously strengthen Knowa to meet the evolving challenges of security and cyber threats. Every organisation using our platform expects their data to remain private and protected, and we've built Knowa with that responsibility at its core.

Knowa is ISO 27001 certified and designed in alignment with the NIST Cybersecurity Framework and with the fiduciary record-keeping expectations of ERISA 404(a) and DOL audits.

While we don't disclose sensitive details about our defences, transparency matters. Below, we've outlined the key measures and standards that ensure Knowa remains a secure, compliant, and trusted environment for our clients.

01 Data Encryption
All user data is protected in transit and at rest. At rest, data is encrypted with AES-256 using FIPS 140-2 certified cryptography; in transit, connections use TLS 1.3 with ECDSA and RSA algorithms. Encryption keys are managed under strict access controls and rotated regularly.
02 Server & Infrastructure
Knowa is hosted on tier-one cloud infrastructure with physical security, redundant power, and 24/7 monitoring. Servers are hardened to industry benchmarks with continuous patching, intrusion detection, and automated failover. Production, staging, and development environments are kept separate.
03 People & Access
All staff undergo background checks and sign confidentiality agreements before being granted access to production. Access follows least-privilege principles. Privileged access is reviewed quarterly and revoked immediately on role change. Staff receive annual security and data-protection training.
04 Logging & Monitoring
Every authentication, access, and administrative action is logged with tamper-evident timestamps. Logs are retained in immutable storage. Anomaly detection monitors for suspicious patterns. Security events escalate to on-call engineers with defined response times.
05 Development & Testing
We follow a secure software development lifecycle with mandatory peer code review, automated static analysis, and dependency vulnerability scanning. Independent penetration testing is conducted at least annually. Security fixes are prioritised by severity, with remediation SLAs tracked to closure.
06 User Access & Authentication
Customers control their own users, roles, and permissions. Multi-factor authentication is available for all accounts. Single sign-on (SSO) is supported for enterprise customers. Session management, password policies, and account lockout are aligned to NIST guidance.
07 Custom Governance Controls
Administrators can configure permissions per workspace, per document, and per user. Sensitive records can be restricted to named individuals. A full audit trail is kept for every access, edit, download, and share. Data residency and retention policies are configurable to your organisation's requirements.

Request more detail

For auditors, CISOs, and security teams: we welcome the review.

For a detailed overview of our security posture, including our ISO 27001 Statement of Applicability, request access from psca@knowa.co. We welcome security reviews from prospective plan sponsors, advisors, and PSCA members.

Security you can stand behind. Fiduciary confidence you can rest on.

See how Knowa powered by PSCA brings enterprise-grade security to every investment committee, plan sponsor, and advisory firm.
