We Care About Your Company’s Data Security

Check out our approach to data security for our clients and users. Data security is fundamental when choosing the right platform.

SECURITY POLICY

Documentation

We have developed security policies, instructions, procedures, and standards covering: information security, IT systems security, and physical security (people and property).

INFORMATION SECURITY

Roles and Responsibilities

We have designated managers responsible for specific business areas and processes, as well as information and IT system security processes.
We have appointed an Information Security Administrator and notified the General Inspector for Personal Data Protection of the appointment.

DATA BACKUPS

Data Separation

We never use platform user data in the development or test environments.
Backup copies and data backups are stored separately.

SECURITY STANDARDS

Third-Party Security

We only use verified, reputable service providers.
During the supplier selection process, we pay special attention to their compliance with security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 22301, SOC, SABSA, SOX, PCI DSS, HIPAA/HITECH, and EU-U.S. Privacy Shield.

SDLC

Development Process

We use the SDLC (System Development Life Cycle) methodology to assess the impact of proposed solutions on security and privacy protection.
Our solutions undergo functional and security testing before implementation.

IT INFRASTRUCTURE

Infrastructure and Environment

Our IT infrastructure is located in Poland.
We virtualize services to ensure infrastructure security.
We maintain independent environments for the Nais platform: development, test, and production.

SECURITY TESTING

Security Tests

We have implemented a program of functional tests before deploying designed solutions.
We have developed and conduct a program of periodic performance tests.
We conduct periodic security tests to identify known vulnerabilities and assess the resilience of the Nais platform to security breaches.

PERSONNEL AUTHORIZATION

Personnel Security

In managing information and IT system security, we follow the principles of authorized access, privileges, and knowledge.
Only authorized persons have access to protected information, to the extent necessary to perform their assigned tasks.
We ensure our employees are aware of the threats related to information protection.

SSL CERTIFICATES

Data Encryption

We have implemented SSL certificates to secure data transmission.

CDN AND LOAD BALANCING

Network Traffic Control and DDoS Protection

We use CDN and Load Balancing solutions to ensure traffic control and protection against DDoS attacks.

INFRASTRUCTURE AVAILABILITY TIME

Guaranteed Service Level

We have implemented solutions to monitor the availability of the Nais platform infrastructure and integrated services.
We have set the guaranteed availability time for the Nais platform infrastructure at 99.9%.
The maximum allowable downtime for the Nais platform is 49 minutes per month.

MANAGEMENT SYSTEM

Information Security Management System

We have developed, implemented, and maintain an Information Security Management System modeled on ISO 27000 series standards.

Nais: Real Solutions and a Proven Partner

Take a moment to work with us on solving your company's challenges.

e-mail: hello@nais.co

phone: +48 601 058 295