We Care About Your Company’s Data Security

Check out our approach to data security for our clients and users. Data security is fundamental when choosing the right platform.

SECURITY POLICY

Documentation

We have implemented and maintain an Information Security Management System (ISMS) based on the ISO 27001 standard. The system takes into account our internal and external context as well as legal requirements.ISO 27001. System uwzględnia nasz kontekst wewnętrzny i zewnętrzny oraz wymagania prawne.

RESPONSIBLE DATA MANAGEMENT

Roles and responsibilities

In accordance with ISO 27001, we have appointed an Information Security Management System Manager and a Business Continuity Manager (in line with ISO 22301). A designated, certified Data Protection Officer ensures our compliance with GDPR regulations.ISO 27001 wyznaczyliśmy Managera Systemu Zarządzania Bezpieczeństwem Informacji oraz Managera Ciągłości Działania (zgodnie z ISO 22301). Za naszą zgodność z RODO odpowiada wyznaczony, certyfikowany Inspektor Ochrony Danych Osobowych.

BUSINESS CONTINUITY

Plan and regular testing

Following the recommendations of ISO 22301, we have implemented a Business Continuity Program and a Disaster Recovery Program. We maintain both primary and backup centers located within the European Union. Regular recovery and continuity tests are conducted.

THIRD-PARTY SECURITY

Trusted, secure suppliers

We rely exclusively on vetted, reputable service providers. Compliance with security standards such as ISO 27001, ISO 27017, ISO 27018, ISO 22301, SOC 2, SABSA, PCI DSS, HIPAA/HITECH, and EU-U.S. Privacy Shield is required from our suppliers.ISO 27001, ISO 27017, ISO 27018, ISO 22301 SOC2, SABSA, PCI DSS, HIPAA/HITECH, EU-U.S. Privacy Shield.

SOFTWARE DEVELOPMENT PROCESS

Secure software development

Our software development process adheres to the Secured Software Development Life Cycle (SSDLC), maintaining a strict separation of development and production environments. We do not use customer data in testing, and systematic security testing is integral to our development practices.

SECURITY TESTING

Regular penetration testing

We conduct regular, periodic penetration tests. These are independent of the security tests carried out during the software development process. Detected vulnerabilities are remediated, and root causes are analyzed to prevent recurrence.

DATA ENCRYPTION

Storage and transmission

Data entrusted to us is secure from the moment it leaves the client’s environment (in transit) and throughout its storage in our systems (at rest).

RELIABILITY

High availability and scalability

We have implemented monitoring solutions to ensure the availability of the Nais platform infrastructure and integrated services. The maximum allowable downtime for the system is only 49 minutes per month, providing 99.9% availability for Nais clients.

Nais Security - Questions

What happens to an employee's data when they are removed from the program?
How are user passwords stored?
Will the employer see the details of my activities?
On what basis are user data used and what are the rules for entrusting data?
In which cloud is the service provided? What kind of cloud is used for data processing and storage in Nais?
Integrations with other systems — What systems does Nais integrate with and how does this process take place (e.g. sports systems)?
Are you ISO 27001 certified?
Are the reports adaptable to individual needs or are they permanent?
Does the employee have to have an email?
What HR systems do you integrate with?
Do the funds in the account accumulate? For what time?
Can I use my own funds to pay for benefits?
How is data transferred between Nais systems and customers?
Does the employee have all the data and functionality in the mobile application?
How and how does the employee receive notifications and about which shares, for example, about the need to renew the benefit fee if he buys it himself?

Nais: Real Solutions and a Proven Partner

Take a moment to work with us on solving your company's challenges.

e-mail: 

hello@nais.co