QUALITY WITHOUT COMPROMISE
All Nuix software has been certified compliant with the ISO 27001, 27017 and 27018 information security standards. We maintain rigorous information security management systems for our software as a service (SaaS) and software development environments.
Nuix Discover® has been assessed under the Australian Cyber Security Centre’s Information Security Registered Assessors Program (IRAP) and the Australian Prudential Regulation Authority CPS 234 regulation for Australian financial institutions and their suppliers.
We assess our software and operations against the US Government Federal Risk and Authorization Management Program (FedRAMP), United Kingdom G-Cloud and German C5 standards – and we’re a member of the Cloud Security Alliance.
KEEPING YOUR DATA SAFE
Our software development lifecycle includes formal design reviews; peer review; static and dynamic code analysis; and external third-party application security tests.
DATA ENCRYPTION AT REST AND IN TRANSIT
Nuix encrypts customer data at rest using AES 256 encryption and in transit using SSL certificates. You can run Nuix Workstation and the Nuix Engine in FIPS mode, meeting the US Government’s Federal Information Processing Standard 140-2 for cryptographic modules.
We have deployed security information and event management technology and monitor activity across our systems from a 24x7 security operations center.
Nuix employs trained security professionals who have worked for military, law enforcement and intelligence agencies and security software and consulting firms. Their skills include intrusion detection; vulnerability management; malware reverse engineering; penetration testing; cryptography; application development and security; and digital forensics and incident response.
All Nuix personnel undergo police background checks in the jurisdictions where they work. Our employees are contractually required to store, process, and transmit all customer information in the strictest confidence.
Nuix SaaS environments are protected with:
- Next-generation antivirus software, network intrusion prevention systems and host-based intrusion prevention systems
- Firewalls throughout our SaaS environment using granular access control lists
- Network-based data loss prevention systems
- Regular scans for known vulnerabilities, misconfigurations, missing patches and insecure services
- Regular patches to systems and applications