Nureva Inc. legal
Nureva Inc.

Security Practices

Effective date: April 10, 2019

Security team

Nureva has established a cross-functional security committee that is responsible for security matters. Nureva’s Information Security Management System (ISMS) uses a risk-based approach to assess and improve our security controls. This system of documented policies, procedures and manuals is used to maintain consistent security controls and to review current and emerging threats. We are actively pursuing ISO 27001 certification for our ISMS.

Hiring and training

People are central to our ISMS.

All Nureva employees are screened through identity and background checks and receive mandatory security awareness training. Our people are required to review and accept key company policies an annually. All employees are tested quarterly on social engineering attacks and receive follow-up training as required.

We take very careful and deliberate steps to manage the employment lifecycle (prior to employment, during employment and at termination or change of employment) to ensure that there are no information security exposures to our customer facing services and internal operational systems. This includes active and on-going monitoring of access to systems to ensure no unauthorized access. Our access control procedures ensure timely modification or removal of access rights when user roles change.

Network security

Our network architecture follows industry recommended practices of segmentation; the internal enterprise network is logically and physically separate from the Span Workspace production network with several layers of access control implemented to restrict access to the Span production environment.

Change management

We use documented change management procedures to ensure changes to information systems and services are done reliably and with the least impact to customers and internal users.

Incident response

If a security event is suspected to have occurred, our security incident process guides us through threat evaluation and containment of the event. This process includes appropriate notifications to customers.

To view the Security Practices for Nureva™ Span™ Workspace click here