At Nomisma Solutions, protecting the privacy and security of our customers and prospects is of utmost importance. We employ a team of professionals who ensure that all the necessary security steps are taken. The purpose of this policy is to establish a framework for managing risks and protecting the Company’s IT infrastructure, computing environment, hardware, software and any and all other relevant equipment (“IT Systems”) against all types of threats, internal or external, intentional or unintentional. Our security policies are GDPR compliant, and we have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
2. Standard Practice at Nomisma
We follow a standard practice that ensures all your data is secured, and we have implemented the following measures to secure it.
2.1 Highly Secured Environment
Servers are located within enterprise-grade hosting facilities. Access is restricted to authorised staff through a combination of biometric systems and 24/7 onsite security guards.
2.2 Network and Firewall Security
Multiple layers of firewalls, intrusion protection systems, and routers control external access to our servers. These are configured, monitored, and updated according to industry best practice.
2.3 High Availability
Nomisma uses redundant hardware, networks, data centres, and infrastructure. These ensure that if any component fails, Nomisma will keep on running, with little or no disruption to your service.
2.4 User-Access Control
Access control is driven by the access-control matrix and audited regularly.
2.5 Online Data Security
All data is safely and securely stored online and backed up on our secure servers.
2.6 Automatic Backups
Automatic data backup is enabled, so that in the event of a failure we are able to restore the data.
2.7 Data Encryption
128-bit encryption is used to ensure that all data transmitted between users and Nomisma is encrypted. This prevents anyone from viewing the information as it is sent over the internet.
2.8 Audit Trail
All transactions and users are captured through audit logs, which provide information about user activities within the Nomisma system. Nomisma records the “user audit trail”, which allows us to keep track of exactly who has accessed which feature in Nomisma.
3. How we meet the ‘confidentiality, integrity and availability’ obligations under GDPR
Our security measures go beyond the way we store or transmit information. They also ensure that data can be accessed, altered, disclosed or deleted only by the designated person and the Data Protection Officer. The data we hold is complete and accurate, and it is accessible whenever required. If personal data is lost, altered or destroyed, we are able to retrieve the original data.
4. Vulnerability Scanning
Network security scanning gives us deep insight and quick identification of out-of-compliance or potentially vulnerable systems. We carry out regular vulnerability scanning assessments and patch management, and use threat protection technologies and scheduled monitoring to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code. We have also implemented network security controls that provide for the use of enterprise firewalls, layered DMZ architectures, intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
We have put in place industry-leading infrastructure to protect against and mitigate the impact of denial of service attacks. In addition to our extensive internal scanning and testing programme, we also work with third-party security experts and researchers to perform security checks and broad penetration tests.
5. Data Center Security
We ensure the confidentiality and integrity of your data with industry best practices. Our servers are hosted at Tier IV or III+, PCI DSS, SSAE-16, or ISO 27001 compliant facilities. Our Security Team constantly pushes security updates and actively responds to security alerts and events.
6. Data Protection
The collection, processing and storage of data complies with GDPR. We apply standard industry encryption whenever we transmit data over any medium. No personal data is shared with anyone individually or personally. We keep records of when data is collected, from whom it is collected, who receives it, where it is stored and with whom it has been shared for processing. Whenever personal data is deleted, we ensure that it is deleted securely and that any associated hard copies are shredded. All personal data is kept securely within our organisation, and only authorised personnel have the requisite access.
7. Business Continuity
The Company has in place adequate business resiliency/continuity and disaster recovery procedures designed to maintain information and the supply of services, and to recover from foreseeable emergency situations or disasters.