Information Security Policy

 

logo_nxtport original

Information Security Policy

v1.0 - 10-12-2018

Introduction

The aim of this document is to answer the most frequently asked questions regarding NxtPor's Information Security Policy. Capitalized terms used in this Information Security Policy and not separately defined shall have the respective meanings ascribed in the  or the Customer Specific Agreement.

Data Centers

NxtPort's goal is to enable you to share your information through API's. For most use cases NxtPort collects your Data, stores it and indexes it. At all times do you, the Data Provider, keep full ownership over your Data. Protecting your Data and the Data of your customers is extremely important to us.
If this document does not answer your questions and you require more in-depth information about NxtPort's Information Security Policy, please do not hesitate to contact us at via http://support.nxtport.com or email (support@nxtport.com).

The NxtPort platform runs on the Microsoft Azure Cloud platform and therefore in Microsoft's datacenters. Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402) and SOC 2 (AT Section 101) standards. More information is available on The Microsoft website.
The NxtPort platform deploys services on (Tier 4) Microsoft Azure data centers in West Europe only.

Misuse

NxtPort aims to be on the cutting edge of compliance and delivery. Live data can never be accessed by anonymous parties. A Data User can access Data only if granted that access by the Data Provider. Additionally, NxtPort closely monitors API usage and, if detecting an account with indications of suspicious activity, takes immediate action as appropriate for the specific case, such as suspension of access, contacting the Subscriber and/or contacting the Data Provider.

Application Security

NxtPort fully understands the importance of that software security. In addition to continuously scanning its code for vulnerabilities, NxtPort also:

  • Securely transfers all your Data and encrypts it at rest;
  • Is planning an independent penetration test in 2018, to be repeated annually;
  • Is preparing for ISO 27001 and 27002 certification.

If you identify a vulnerability in a NxtPort site or service, you can identify it to us via http://support.nxtport.com or email (support@nxtport.com).

Operational Security

Access to NxtPort systems and your Data is restricted only to those who need access in order to provide you maximum support. NxtPort maintains a strict separation between its development, test and production environments.
With its employees, contractors, and vendors working on its behalf, NxtPort has in place:

  • Signed confidentiality agreements;
  • Termination/access removal processes;
  • Acceptable use agreements.

Security is the responsibility of everyone who works for NxtPort. NxtPort trains its employees to identify security risks and empowers them to take action to prevent bad things from happening.

Business Continuity/Disaster Recovery

By deploying its platform to Microsoft Azure Cloud platform, which has redundant and geographically separate data centers, NxtPort can provide you with consistent services. All service layers (ingestion, storage, processing, API management and identity management) are deployed with redundancy so as to allow for quick recovery in case a single data center goes down.

Privacy

You can review the NxtPort privacy policy, but let us already state very clearly that we are committed to the confidentiality of your Data.