<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=923472301131672&amp;ev=PageView&amp;noscript=1">

Span™ Software Security and Privacy Information

Nureva privacy policies, trademarks and terms of service

Effective date:January 11, 2016

Overview

Span™ software is built on the Microsoft® Azure™ platform. As one of the world’s most secure and trusted cloud services, Azure is packed with a range of security features, protocols and procedures. To learn more about Azure, visit the Microsoft Azure Trust Center (https://azure.microsoft.com/en-us/support/trust-center/).

Design and operational security

The trustworthy technology foundation provided by the Azure cloud services addresses design and operational security. Here’s a paragraph from the Microsoft Azure Trust Center that addresses design and operational security:

Microsoft designs its software for security from the ground up and helps ensure that the Azure infrastructure is resilient to attack. We assume breaches of our systems as a security strategy, and our global incident response team works around the clock to mitigate the effects of any attacks against the security of Azure. These are backed by centers of excellence that fight digital crime, respond to security incidents and vulnerabilities in Microsoft software, and combat malware.

To learn more, visit https://www.microsoft.com/en-us/trustcenter/security/designopsecurity.

Identity and access

Users will access Span software with an account created for them by their system administrator. The system administer generates accounts from the server for Span software, which uses Azure for account identify and access management. Each account uses industry-standard password protection. Passwords are encrypted, so only the user will know what it is. Users can change their password at any time.

Encryption and key management

For data that is in transit, Span software uses industry-standard transport protocols between user devices and the Microsoft datacenters. It also uses industry-standard encryption safeguards for the data that is at rest within the Microsoft datacenters. Finally, Span software uses the Azure Key Vault technology to securely manage encryption keys. To learn more about Key Vault, visit https://azure.microsoft.com/en-us/services/key-vault/.

Threat management

To protect against online threats, Azure offers Microsoft Antimalware for cloud services and uses detection and mitigation techniques to protect against DDoS attacks.

Monitoring, logging and reporting

Nureva uses the Azure alert system to monitor deployments. Azure offers centralized monitoring and analysis systems that provide continuous visibility and timely alerts for our Nureva support team.

Penetration testing

Nureva commissioned a large security assessment company to perform a security and vulnerability assessment of the Span service. Nureva will continue to perform penetration testing from time-to-time. If these tests reveal the need for corrective action, Nureva will incorporate the appropriate fixes into its subsequent software releases.

Furthermore, Microsoft conducts regular penetration testing to improve Azure security controls and processes.

Privacy

You can review the Nureva privacy policy at http://www.nureva.com/privacy-policy.

You can review the Azure privacy policy at https://azure.microsoft.com/en-us/support/trust-center/privacy/.

Microsoft Azure transparenc

Given that Span software is built on the Microsoft Azure platform, its users can take comfort in knowing everything Microsoft does to keep customer data safe. Visit the following section in the Microsoft Azure Trust Center to learn more about how Microsoft provides transparency to its customers in how it deals with data: https://azure.microsoft.com/en-us/support/trust-center/transparency/.

Two sections worth calling out follow:

1. Microsoft does not use Azure customer data for advertising—we do not share it with our advertiser-supported services or mine it for marketing. This policy is backed by our enterprise cloud service agreements and reaffirmed by Microsoft’s adoption of the first international code of practice for cloud privacy, ISO/IEC 27018.

Microsoft will use customer data only for purposes compatible with providing you the services. In addition to day-to-day operations, Microsoft customer support and operations personnel may access customer data to provide customer support, troubleshoot the service, improve features (such as protection against malware), or comply with legal requirements.

To learn more, visit https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data.

2. Every year, Microsoft undergoes third-party audits by internationally recognized auditors as an independent validation that we comply with our privacy policies and procedures. These document how we meet our security and compliance objectives, and, when shared with you, serve as a practical mechanism to validate our promises.

To learn more, visit https://www.microsoft.com/en-us/trustcenter/privacy/you-own-your-data.

Microsoft conforms to global standards that are certified independently. Azure meets a broad set of international and industry-specific compliance standards, such as ISO/IEC 27018, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.

Rigorous third-party audits, such as by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate. As part of Microsoft’s commitment to transparency, you can verify their implementation of many security controls by requesting audit results from the certifying third parties.

Nureva Inc. Span Software Security and Privacy Information
Nureva Inc: 1000, 1221 8 Street SW, Calgary, Alberta, Canada, T2R 0L4