Frequently Asked Questions on Kaspersky business, solutions and services
Kaspersky’s business operations remain stable. The company guarantees the fulfillment of its obligations to both partners and customers – including product delivery and support and financial transaction continuity.
Yes. Kaspersky is a private international company with its holding domiciled in the UK. The company operates in more than 200 countries and territories and has more than 30 offices across the globe. Almost 80% of Kaspersky’s operations are international, and our local businesses are run by local entities, which gives us the opportunity to effectively and independently control our international and local operations.
Yes. Kaspersky has a 25-year history of developing best-in-class cyber security solutions and providing cutting-edge threat analysis. Our customers can be confident in the integrity and security of Kaspersky’s solutions, its engineering practices and data services confirmed by third party independent assessments, including the SOC 2 (Service Organization Control for Service Organizations) Type 1 audit by a Big Four auditor, and ISO27001 certification. Trustworthiness of our products has been also confirmed by independent reviews.
Kaspersky frequently scores the best in independent ratings and has received some of the most prestigious international awards in independent tests conducted by leading organizations around the world. Our technologies are trusted by hundreds of global technology and OEM partners and we work together with the global IT security community as well as law enforcement agencies, including INTERPOL, Europol, as well as Computer Emergency Response Teams (CERTs) around the world.
Yes. Our internal tests and examinations confirm that the company’s global server infrastructure provides uninterrupted operation of Kaspersky’s core product portfolio. Kaspersky is a global company and our cloud servers are distributed across the globe (e.g., in Switzerland, Germany, China, Canada, etc.), enabling faster processing of information and guaranteeing server availability should one of them fail for any reason.
The Kaspersky team is proactively examining all potential risks arising amid the current situation as a matter of priority, and has been continuously carrying out needed evaluations of potential impacts related to restrictions of inter-state data-exchange processes. This includes the potential impact of restricted data exchange with the Russian Federation (e.g., blockage of traffic coming from Russian IP addresses) on the company’s products and services. Our internal tests and examinations confirm that the company’s global server infrastructure provides uninterrupted operation of Kaspersky’s core product portfolio, and that the Kaspersky Security Network (KSN) for processing cybersecurity-related data remains unaffected.
Our customers can be confident in the integrity and security of Kaspersky’s solutions, its engineering practices and data services. These have been confirmed by third party independent assessments: Kaspersky successfully passed the SOC 2 (Service Organization Control for Service Organizations) Type 1 audit by a Big Four auditor, which confirms the strong security controls for Kaspersky's process of developing and releasing AV updates against the risk of unauthorized changes. The final report, with a description of the security controls and the whole process, can be provided to our customers and partners upon request.
Kaspersky is a global company and our cloud servers are distributed across the globe (e.g., in Switzerland, Germany, China, Canada, etc.), enabling faster processing of information and guaranteeing server availability should one of them fail for any reason. Customers of our Threat Intelligence services will be able to receive data feeds and other services through our servers in Switzerland.
Kaspersky’s products employ both our own technologies and those of third parties. We do not expect any issues with the company’s products and services (including Kaspersky Security Network for processing cyberthreat-related data, updates, and product activation) in this context. Nevertheless, the Kaspersky team continues to proactively examine all potential risks and is in close contact with our technology partners in anticipation of any possible issues.
The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments - two external independent audit organizations: through the SOC 2 Audit (Service Organization Control for Service Organizations) by a Big Four auditor, which confirmed the security of Kaspersky's process for developing and releasing AV updates against the risk of unauthorized changes. Kaspersky’s data services have also been certified by TÜV AUSTRIA according to ISO/IEC 27001:2013, and recently were re-certified. Both certificates are available here and Kaspersky can provide the final report to its customers and partners upon request.
Moreover, we operate Transparency Centers across the globe, which serve as facilities for trusted partners and government stakeholders to review the company’s code, software updates, and threat detection rules. Through them, we provide governments and partners with information on our products and their security, including essential and important technical documentation, for external evaluation in a secure environment. The Transparency Center’s services are also available for remote access upon request.
First and foremost, Kaspersky never provides any law enforcement or government organizations with access to user data or the company’s infrastructure. We do provide information about such data upon request, but no outside party can directly or indirectly access our infrastructure or data itself, and Kaspersky employees validate and process all requests. Second, every request we receive goes through legal verification to ensure our compliance with applicable laws and procedures. Based on five criteria, our multistage process guides our decision-making in approving, rejecting, or appealing incoming requests. More details can be found here. Kaspersky publishes its Law Enforcement and Government Requests Report on a regular basis, and the latest information for H2 2021 is available here.
As a private company, Kaspersky does not have any ties to the Russian government; moreover, Kaspersky is not obliged to provide information to the authorities under Russia's System of Operative Investigative Measures (SORM) (or other similar laws), since the company does not provide communication services. This has been confirmed by a third-party independent legal assessment of the Russian legislation related to data-processing; the results are freely available online and provide an unbiased and fair legal assessment.
No, Kaspersky cannot be forced to do so by any government. All such requests will always be declined. For further transparency and accountability, actions around malware detection are logged and reviewed by a team of Kaspersky experts based around the world, not only in Russia.
Kaspersky’s founding principle is to detect and neutralize all forms of malicious threats, regardless of their origin or purpose. It doesn’t matter which language the threat ‘speaks’, we report on any kind of threat we discover. Along with attacks in other languages, Kaspersky’s Global Research and Analysis Team has published numerous reports on attacks with Russian-language usage in the code as well.
While Kaspersky products licenses and activation codes are generated in Russia, they are distributed to activation servers located globally. For instance, for the European region, we have local activation servers based in the region to process customer's product activation requests. The current diversified process allows us to ensure both the integrity and continuity of products’ delivery to our users.
In case any risks to the product license and activation code generation process appear, the company’s global infrastructure provides for the possibility to relocate it. Kaspersky’s team is proactively examining all potential risks arising amid the current situation and is ready to act very quickly if needed.
We have adjusted the GEO DNS setting of Kaspersky marketing and support websites, in accordance with the public information about our users' geo IP detections, in order to ensure that non-Russian visitors will be forwarded to non-Russian front-end servers.
Yes. Our internal tests and examinations confirm that the company’s global server infrastructure provides uninterrupted operation of Kaspersky’s core product portfolio, and that the Kaspersky Security Network (KSN) for processing cybersecurity-related data remains unaffected. The company guarantees the fulfillment of its obligations to partners and customers – including product delivery and support. Further examinations are currently in progress to scrutinize more scenarios and our teams are ready to act very quickly.
TÜV AUSTRIA has certified that Kaspersky applies a management system in line with the ISO/IEC 27001:2013 standard for Kaspersky Security Network (KSN) infrastructure (further - Data Service).
The re-certification concluded in 2022 covers Kaspersky Data Services, including:
- KSN system for safe storage and access to files (called KLDFS);
- KSN systems for processing statistics (called KSNBuffer database).
Certifications are available here. We provide the final report with the description to our customers and partners upon request.
The information voluntarily provided by users to Kaspersky includes cyberthreat-related data and statistics. To ensure the highest security for our users, Kaspersky's data services have been certified for IS027001 by TÜV AUSTRIA, and re-certified in 2022. Both certificates are available here. Kaspersky can provide the final report to its customers and partners upon request.
Threat-related data processing includes suspicious or previously unknown malicious files that our users voluntarily send to the Kaspersky Security Network (KSN) for automated malware analysis. In processing suspicious or previously unknown malicious files, our users make a decision as to whether to share this data with the Kaspersky Security Network (KSN) for automated malware analysis. Kaspersky always provides information concerning data processing – in particular, the complete list of data that will undergo processing – to ensure that customers are kept in the know and can make informed decisions. In our Transparency report, we publicly share information on the number of data requests received from our users and processed. The latest H2 2021 report is available here.
Within our Global Transparency Initiative (GTI), Kaspersky relocated part of its data-processing infrastructure: malicious and suspicious files voluntarily shared by users of Kaspersky products in Europe, North and Latin America, the Middle East, and also several countries in Asia-Pacific are processed in two datacenters in Zurich, Switzerland, which provide world-class facilities in compliance with industry standards to ensure the highest levels of security. In addition, Switzerland is among the few countries that have an adequacy decision with the EU, meaning that it was recognized by the European Commission for providing adequate protection of personal data. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world (Canada, Germany, Russia, etc.). A detailed list of countries where personal data provided by users to Kaspersky can be processed is here.
All data processed and/or transferred through our products is secured through encryption, digital certificates, segregated storage and strict data access policies. In processing suspicious or previously unknown malicious files, our users make a decision on sharing this data with the Kaspersky Security Network (KSN) for automated malware analysis. Kaspersky always provides information concerning data processing - in particular, the complete list of data that will undergo processing - to ensure that customers are kept in the know and can make informed decisions. Also, on a regular basis Kaspersky publicly discloses information on how many data requests were received from our users and processed in the Transparency report. The latest H2 2021 report is available here.
Kaspersky is disappointed with the decision by the Federal Communications Commission to prohibit certain telecommunications-related federal subsidies from being used to purchase Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products – that the company continuously advocates for – but instead is being made on political grounds. Kaspersky maintains that the US Government’s 2017 prohibitions on federal entities and federal contractors from using Kaspersky products and services were unconstitutional, based on unsubstantiated allegations, and lacked any public evidence of wrongdoing by the company. As there has been no public evidence to otherwise justify those actions since 2017, and the FCC announcement specifically refers to the Department of Homeland Security’s 2017 determination as the basis for today’s decision, Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services. Kaspersky will continue to assure its partners and customers on the quality and integrity of its products, and remains ready to cooperate with US government agencies to address the FCC’s and any other regulatory agency’s concerns. Kaspersky provides industry leading products and services to customers around the world to protect them from all types of cyberthreats, and it has stated clearly that it doesn’t have any ties with any government, including Russia’s. The company believes that transparency and the continued implementation of concrete measures to demonstrate its enduring commitment to integrity and trustworthiness to its customers is paramount.
Kaspersky is aware of the statement issued by Britain's National Cyber Security Centre (NCSC). While we consider this decision to be made on political, rather than technical grounds, we are open to address any concerns that customers and regulators may have regarding our operations and products in a fully transparent, open, and objective manner, including through Kaspersky Transparency Centers operating in Europe. We remain committed to providing industry-leading cybersecurity solutions to our customers in the UK and around the world.
We want to thank NCSC for the guidance related to private users, and want to assure our customers that they are protected and safe with Kaspersky, as proven by independent tests.