Data Security and Privacy

11 months ago

At Newforma Konekt, we value the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices, which are detailed below. Our Privacy Policy further details the ways we handle your data.

Data Center/Physical Security

Newforma Konekt customer data is stored in Microsoft Azure and AWS data centers, which are ISO/IEC 27001- and ISO/IEC 27018-certified. These data centers have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. For more information, see Azure Facilities, premises, and physical security.

Data Hosting locations

All customer data is stored on servers located in Canada, the United States, and Europe. To learn more, see Data Locations.

Compliance

In April 2020, Newforma Konekt achieved ISO 27001 certification. You can find out more about this certification here.

Newforma Konekt also follows the requirements of the General Data Protection Regulation (GDPR), a European privacy law that regulates how the personal data of individuals in the EU can be collected and used by businesses.

Online Payments

Credit card information is processed securely in accordance with the Payment Card Industry’s Data Security Standards (PCI-DSS).

Access Control

  • We provide a password manager to all employees to empower them with password security.
  • Multi-factor authentication is required on critical systems.
  • Access is granted on a need-to-know basis and according to the principle of least privilege.
  • Access is revoked immediately after an employee's or a supplier's termination.
  • All laptops used by employees are fully encrypted.
  • Newforma Konekt offices are secured by keycard access. Visitors have to be accompanied at all times.

Internal Protocol and Education

  • We have a comprehensive security policy in place, which all of our employees must read, accept, and acknowledge regularly.
  • We provide ongoing information to our employees regarding privacy and security best practices.
  • Employees receive annual security awareness training and must sign non-disclosure agreements as a condition of employment.

Data Encryption

  • Information is encrypted in transit (TLS) and at rest.
  • Passwords are encrypted in the database using a state-of-the-art encryption algorithm.
  • All computers used to access customer data must be encrypted.

System Development Lifecycle

Our development team employs secure coding techniques and best practices focused on the OWASP tools and standards. Our team always has access to our specialized application security services.

Development, testing, and production environments are segregated. Quality Assurance is involved at each phase of the lifecycle and we regularly perform vulnerability scanning, as well as regression testing and penetration testing. All changes are peer reviewed and logged prior to deployment into the production environment.

Business Continuity

We have a documented business continuity plan to ensure that critical operations are completed in a timely manner in the event of a business disruption.

Backups

Data is regularly backed up and available if a problem occurs.

Best Practices

In addition to Newforma Konekt’s security measures, the following practices will help you protect your account.

Strong password

Choose a strong password and store it safely. A password manager can help you create strong passwords and sign in to your accounts quickly.

User access review

Regularly review user roles. This will ensure that only authorized users continue to access your projects.

Cyber security vigilance

Remain vigilant against phishing. Test your ability to recognize phishing attempts here.

Antivirus protection

Protect your computer with antivirus software.

Responsible disclosure

If you believe you have found a security vulnerability, please contact us at security_konekt@newforma.com. We review all security concerns brought to our attention and make every effort to quickly correct any vulnerability.

Breach Notification

In the event of a security breach in which personal information has been acquired by an unauthorized person, Newforma Konekt will notify the affected individual of the breach by email (see section 8.2 of our Terms of Use). Importantly, if you ever have reason to believe you have been the victim of a security breach, please contact us immediately at security_konekt@newforma.com.

The information and resources provided in this article are meant to summarize our security practices. Please do not hesitate to contact us with any questions you may have about our investment in security.
