N.Rich takes data security very seriously. Even though we only store pseudonymised end-user personal data, we may process and store sensitive data from our clients, such as sales opportunity data from CRM. This is why Data Security is of utmost importance for us and we enforce strict standards of data security within our own organisation and to our partners and contractors.
the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required).
Outline for ISO/IEC 27002:2013
Information Security Policies
Organization of Information Security
Human Resource Security
Physical and environmental security
Operation Security- procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination
Communication security - Network security management and Information transfer
System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data
Supplier relationships - Information security in supplier relationships and Supplier service delivery management
Information security incident management - Management of information security incidents and improvements
Information security aspects of business continuity management - Information security continuity and Redundancies
Compliance - Compliance with legal and contractual requirements and Information security reviews
We are happy to share the full standard documentation when requested.