Effective date: May 25, 2018
Nureva has established a cross-functional security committee that is responsible for security matters. Nureva’s Information Security Management System (ISMS) uses a risk-based approach to assess and improve our security controls. This system of documented policies, procedures and manuals is used to maintain consistent security controls and to review current and emerging threats. We are actively pursuing ISO 27001 certification for our ISMS.
Hiring and training
The trustworthy technology foundation provided by the Azure cloud services addresses design and operational security. Here’s a paragraph from the Microsoft Azure Trust Center that addresses design and operational security:
People are a key component of our security program.
All Nureva employees are vetted by thorough identity and background checks and are required to attend security awareness training as well as review key company policies on an annual basis. All employees are tested quarterly on social engineering threats with follow-up training as required.
If the employment of any employee is terminated for any reason, access to the Span service and any information system is terminated at the same time.
Nureva uses LAN segmentation to compartmentalize computing devices to help protect devices that contain data.
Nureva uses documented change management procedures to ensure changes to data systems and services are done reliably and with the least impact to customers.
If a security event is suspected to have occurred, our security incident process guides us through threat evaluation and containment of the event. This process includes appropriate notifications to customers.
To view the Security Practices for Nureva™ Span™ service click here.