Security

Protecting our information and infrastructure is vital for Nexus, both to deliver a trusted service and product and to protect Nexus's and our customers' information.
Our security principles are Confidentiality, Integrity, and Availability!

Nexus's information security goal can therefore be described as: the right information being available to the right person in the right place at the right time with the right level of protection.

We know you have expectations about how we’re protecting your information, so what follows are answers to some frequently asked questions about Nexus information security.

Our Certifications

Our customers and partners have high security expectations. Meeting these requirements is one of our most important concerns. Therefore, it is important for us to gain certification as formal evidence of our products' high quality and strong security levels.

  • ISO 27001, implemented according to ISO 27002
  • TISAX with “very high level”
  • Common Criteria EAL4+
  • We are also compliant with ID06 Vaultit

ISMS, Information Security Management System

Our ISMS is based on ISO 27001 so that we work with information security in a structured manner and guarantee data security. It is a central management system applied to the entire Nexus Group in different countries.

Personnel Security

Security is the responsibility of everyone who works for Nexus. We train our employees so they can identify security risks and empower them to take action to prevent bad things from happening.
The main security measures and controls we have for personnel security are:

• Background checks for our employees
• Signed confidentiality agreements (NDA)
• IPR requirements
• Code of conduct
• On/offboarding processes
• Acceptable use policy
• Awareness

Physical security

All Nexus premises are equipped with an access control system that regulates access so that only authorized persons can enter the premises. Nexus offices are segmented into different zones with restricted access, depending on the sensitivity of the operations. The premises are protected by physical security in accordance with the Swedish Theft Prevention Association's (Svenska Stöldskyddsföreningens) “Rules on burglary protection – Buildings and premises” or an equivalent for Nexus offices in other countries.
All equipment containing information with availability requirements, whether belonging to Nexus or its partners, is protected against environmental threats such as fire and flooding.

Privacy data

Protecting identity and personal data is part of Nexus's DNA. Complying with the provisions of the General Data Protection Regulation (GDPR) and other data protection laws is therefore not only a matter of compliance for us; it is also vital for our reputation as a security company.



Access rights

We secure our information and information systems by using MFA. Access to our systems and infrastructure is restricted to those who need it in order to provide service and support.

We strive to use SSO in all our systems to make it easier to manage access rights in the on/offboarding process.

Business Continuity/Disaster Recovery

Our Business Continuity Plan outlines how our business will continue operating during an unplanned disruption, to provide consistent operation and services to our customers. In the event of a disaster, our Crisis Unit can respond and recover quickly so that customers receive service according to the agreement.

Intellectual property rights (IPR)

All Nexus operations are managed so that intellectual property rights are respected, and all managers and employees are informed about IPR requirements before signing an employment contract (general IPR requirements are compiled as an appendix to Nexus employment contracts).

Teleworking (Remote work)

The information security requirements when teleworking are the same as when working from Nexus premises.

Backup

We take daily backups of all production information systems, with the backups stored offsite.

Vulnerability scanning and pentest

We continually perform vulnerability scanning and penetration testing of our production environment.