K&H is SOC 2 Compliant

Our internal capabilities have been subjected to a SOC 2 (Service Organization Control) audit (previously called SAS 70). This audit is performed annually by Certified Public Accountants, Moss-Adams. This audit tests security, system availability, process integrity, confidentiality and privacy protocols. This stringent protection is critical for sensitive database-driven programs for financial, insurance, healthcare and government organizations.

K&H Election Services: serious about security

Voting is an American institution. We recognize and value the importance of our democratic system. And that's why we are adamant about security during every step of the ballot printing and mailing process. Below you'll find information about the rigorous steps we take to protect your county's information.


All K&H employees, authorized client representatives, and escorted authorized observers are issued security coded identification badges which must be worn at all times. Badges must be used to pass through all door entries. ID badges are issued according to level of security clearance. At no time will anyone be allowed unescorted into any area in which they don't have security clearance. In addition, all material being held for mail entry is locked in a 1,000-square-foot cage available to only a few key managers.

Data Transfer

For any job that is confidential or requires security, we download forms on our secure FTP site. Files are destroyed after production. During production, the product is under the direct control/possession of a designated individual at all times. All employees sign nondisclosure agreements. If the plant shuts down, or any printed product must be left unattended, we store it in our locked secured storage area, which is accessible only with badge during work hours and sealed with a numbered seal at night. The seal is recorded on our secure storage log, and rights to break the seal are limited to specific employees. After hours, Sonitrol is programmed to limit access only to key, designated employees.

Secure Data Management

Once customer data is processed, it is encrypted and stored on a system that is backed up to a secure offsite location, or destroyed after processing as customer directs.

We keep customer data on a secure, needs-based access system, with Intrusion Detection Systems at the perimeter. We shred all waste materials from the manufacturing process. Limited personnel have access to secure data.

Media Handling

Controls are in place to appropriately classify, label and protect sensitive information on backup media, in hardcopy and in other forms while in transit and storage, and to destroy sensitive data in accordance with established retention policies.

Some media handling policies are customer specific, depending on level of security required. For defense contract work, disks and hard copies are kept in possession of authorized personnel (or locked in a secure area at night) until the end of production. All files are deleted upon completion with verification of removal by authorized personnel. All hard copies of materials produced that are not delivered to the customer are shredded. All customer-supplied disks and hard copies are returned to customer.

We require non-disclosure agreements from our employees and restrict which personnel can work on secure jobs depending on the level required.

Data Storage

All data is stored at our co-location and backed up at our corporate headquarters in Everett, WA. Our co-location facility requires three-factor authentication (fingerprint, combination and card access) to physically access the facility. We are point-to-point connected to our co-location via fiberline. We are considered the cold site provider to our co-location class-A data center.

To guard against catastrophic loss, all files on our server are backed up daily and transferred to this location.

Disaster Recovery

K&H has an established disaster recovery resource partner that is located out of state. This company is equal to or in excess of K&H when it comes to capacity and security. This company works with financial and HIPAA records on a daily basis. We would partner with them to store up to a month's worth of inventory in the event we were not able to get our main manufacturing plant up and running.

We have had no loss of business due to disasters, labor issues or contingency events in the past. However, K&H has a Disaster Recovery and Business Continuity Plan available upon request. K&H has a co-location based in Everett, WA which is a class-A data center.

In the event of an unforeseeable circumstance, K&H will immediately communicate any and all deviations from normal business practices, thus keeping customers notified and up to date.

Telecommunications, work-in-progress, Internet, prepress, customer service functions and all production services would be transferred and customer work would continue to be produced. We also facilitate duplicate storage of all product files in a secure, offsite location.

In the event of a disaster, we would issue a new secure pass code and user ID to the certified customer contingency site. If the customer currently has alternate contingency sites, we would need a list of these sites to aid in validating authenticity.

If you have any specific concerns about security at K&H Election Services, please contact us.