NUIX SAAS SECURITY
Our software development lifecycle includes formal design reviews; peer review; static and dynamic code analysis; and external third-party application security tests.
DATA ENCRYPTION AT
REST AND IN TRANSIT
Nuix encrypts customer data at rest using AES 256 encryption and in transit using SSL certificates.
We have deployed security information and event management technology and monitor activity across our systems from a 24x7 security operations center.
Nuix employs highly trained and educated security professionals who have worked for military, law enforcement and intelligence agencies and security software and consulting firms. Their skills include intrusion detection; vulnerability management; malware reverse engineering; penetration testing; cryptography; application development and security; and digital forensics and incident response.
Nuix personnel undergo background checks with the relevant police agency in each jurisdiction. Our staff are contractually required to store, process, and transmit all customer information in the strictest confidence.
Nuix software-as-a-service (SaaS) environments are protected with:
- Next-generation antivirus software, network intrusion prevention systems and host-based intrusion prevention systems
- Firewalls throughout our SaaS environment using granular access control lists
- Network-based data loss prevention systems
- Regular scans for known vulnerabilities, misconfigurations, missing patches and insecure services
- Regular patches to systems and applications
Nuix Discover® is ISO 27001:2013 certified. We maintain a rigorous information security management system for our SaaS environment.
Nuix Discover has been assessed under the Australian Cyber Security Centre’s Information Security Registered Assessors Program (IRAP).
Nuix assesses its software and operations against the US Government Federal Risk and Authorization Management Program (FedRAMP), United Kingdom G-Cloud and German C5 standards – and is a member of the Cloud Security Alliance.