Nureva Inc.

Security Practices

Effective date: May 25, 2018

Security team

Nureva has established a cross-functional security committee that is responsible for security matters. Nureva’s Information Security Management System (ISMS) uses a risk-based approach to assess and improve our security controls. This system of documented policies, procedures and manuals is used to maintain consistent security controls and to review current and emerging threats. We are actively pursuing ISO 27001 certification for our ISMS.

Hiring and training

People are a key component of our security program.

All Nureva employees are vetted by thorough identity and background checks and are required to attend security awareness training as well as review key company policies on an annual basis. All employees are tested quarterly on social engineering threats with follow-up training as required.

If the employment of any employee is terminated for any reason, access to the Span service and any information system is terminated at the same time.

Network security

Nureva uses LAN segmentation to compartmentalize computing devices to help protect devices that contain data.

Change management

Nureva uses documented change management procedures to ensure changes to data systems and services are done reliably and with the least impact to customers.

Incident response

If a security event is suspected to have occurred, our security incident process guides us through threat evaluation and containment of the event. This process includes appropriate notifications to customers.

To view the Security Practices for Nureva™ Span™ service click here