Security
Protecting our information and infrastructure is a vital topic for Nexus to deliver a trusted service and product and to protect Nexus and customers' information.
Our security principles are Confidentiality, Integrity, and Availability!
So, Nexus's information security goal can be described as; the right information being available to the right person in the right place at the right time with the right level of protection.
We know you have expectations about how we’re protecting your information, so what follows are details about some frequently requested information about Nexus information security.
Our Certifications
Our customers and partners have high-security expectations. Meeting these requirements is one of our most important concerns. Therefore, it is important for us to gain certification as formal evidence of our products' high quality and strong security levels.
-
ISO27001 which is implemented according to ISO27002
-
Tisax with “very high level”
-
Common Criteria EAL+4
-
And we are compliant with ID06 Vaultit
ISMS, Information Security Management System
Our ISMS is based on ISO27001 to work with information security in a structured manner and to guarantee data security. Our ISMS is a central management system and is applied to the entire Nexus Group in different countries.

Privacy data
Protecting identity and personal data is a part of Nexus DNA. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) and other data protection laws is for us a matter not only for compliance, but it's also vital for our reputation as a Security company.
Access rights
We secure our information and information systems by using MFA. Access to our systems and infrastructure is restricted only to those who need access in order to provide service and support.
We strive to use SSO in all our systems to make it easier to manage access rights in the on/offboarding process.
Business Continuity/Disaster Recovery
Our Business Continuity Plan outlines how our business will continue operating during an unplanned disruption, to provide consistent operation and services to our customers. In the event of a disaster, our Crisis Unit can respond and recover quickly so that customers receive service according to the agreement.
Intellectual property rights IPR
All Nexus operations are managed so that intellectual property rights are respected, and all managers and employees are informed about IPR requirements before signing an employment contract (general IPR requirements are compiled as an appendix to Nexus employment contracts).
Teleworking (Remote work)
Information security requirement when teleworking is the same as when working from Nexus premises.
Backup
We have a daily backup of all productive information systems with offsite storage of backups.
Vulnerability scanning and pentest
We have continual vulnerability scanning and pentest of our production environment.