Submitted by Joseph Muir on 8 November 2021
Quality Without Compromise

By Using Nuix Technology, You’re Choosing To Work With Ever-Vigilant Professionals Whose Mission Is To Keep Your Data Safe.

We understand how critical data is to you. In a digital world where data breaches and security incidents are commonplace,
we’re obligated to protect your most sensitive information. 

We preserve the confidentiality, integrity and availability of your data by building quality without compromise into the software and services we deliver. This includes compliance with internationally recognized information security standards; physical, administrative and technical controls; highly trained security professionals; a 24-hour security operations center; strong encryption; and safeguards built into our software development lifecycle.


SECURITY
CERTIFICATIONS

 

ISO

All Nuix software has been certified compliant with the ISO 27001, 27017 and 27018 information security standards. We maintain rigorous information security management systems for our software as a service (SaaS) and software development environments.

irap

Nuix Discover® has been assessed under the Australian Cyber Security Centre’s Information Security Registered Assessors Program (IRAP) and the Australian Prudential Regulation Authority CPS 234 regulation for Australian financial institutions and their suppliers.

csa

Nuix is a member of the Cloud Security Alliance. We also assess our software and operations against the US Government Federal Risk and Authorization Management Program (FedRAMP), United Kingdom G-Cloud and German C5 standards.

KEEPING YOUR DATA SAFE

 

features

SOFTWARE DEVELOPMENT LIFECYCLE
SOFTWARE DEVELOPMENT LIFECYCLE

Our software development lifecycle includes formal design reviews; peer review; static and dynamic code analysis; and external third-party application security tests.

DATA ENCRYPTION AT REST AND IN TRANSIT
DATA ENCRYPTION AT REST AND IN TRANSIT

Nuix encrypts customer data at rest using AES 256 encryption and in transit using SSL certificates. You can run Nuix Workstation and the Nuix Engine in FIPS mode, meeting the US Government’s Federal Information Processing Standard 140-2 for cryptographic modules.

24-HOUR MONITORING
24-HOUR MONITORING

We have deployed security information and event management technology and monitor activity across our systems from a 24x7 security operations center.

SECURITY TEAM
SECURITY TEAM

Nuix employs trained security professionals who have worked for military, law enforcement and intelligence agencies and security software and consulting firms. Their skills include intrusion detection; vulnerability management; malware reverse engineering; penetration testing; cryptography; application development and security; and digital forensics and incident response.

ADMINISTRATIVE SAFEGUARDS
ADMINISTRATIVE SAFEGUARDS

All Nuix personnel undergo police background checks in the jurisdictions where they work. Our employees are contractually required to store, process, and transmit all customer information in the strictest confidence.

TECHNICAL SAFEGUARDS

Nuix SaaS environments are protected with:

  • Next-generation antivirus software, network intrusion prevention systems and host-based intrusion prevention systems
  • Firewalls throughout our SaaS environment using granular access control lists
  • Network-based data loss prevention systems
  • Regular scans for known vulnerabilities, misconfigurations, missing patches and insecure services
  • Regular patches to systems and applications
imac