Introduction

N.Rich takes data security very seriously. Even though we only store pseudonymised end-user personal data, we may process and store sensitive data from our clients, such as sales opportunity data from CRM. This is why Data Security is of utmost importance for us and we enforce strict standards of data security within our own organisation and to our partners and contractors.

Data Security

We follow ISO/IEC 27002 information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).

ISO/IEC 27002 provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). Information security is defined within the standard in the context of the CIA triad:

the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required).^[2]

Outline for ISO/IEC 27002:2013

1. Information Security Policies

2. Organization of Information Security

3. Human Resource Security

4. Asset Management

5. Access Control

6. Cryptography

7. Physical and environmental security

8. Operation Security- procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination

9. Communication security - Network security management and Information transfer

10. System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data

11. Supplier relationships - Information security in supplier relationships and Supplier service delivery management

12. Information security incident management - Management of information security incidents and improvements

13. Information security aspects of business continuity management - Information security continuity and Redundancies

14. Compliance - Compliance with legal and contractual requirements and Information security reviews

We are happy to share the full standard documentation when requested.

Additionally, N.Rich Salesforce integration has been security reviewed by Salesforce.

Custom security reviews

We are happy to participate to any custom security review processes our clients require.