Protecting our information and infrastructure is vital for Nexus, both to deliver a trusted service and product and to protect Nexus's and our customers' information.
Our security principles are Confidentiality, Integrity, and Availability!
Nexus's information security goal can therefore be described as: the right information being available to the right person in the right place at the right time with the right level of protection.
We know you have expectations about how we’re protecting your information, so what follows is some frequently requested information about Nexus information security.
Our customers and partners have high security expectations. Meeting these requirements is one of our most important concerns. Therefore, it is important for us to gain certification as formal evidence of our products' high quality and strong security levels.
• ISO27001, which is implemented according to ISO27002
• TISAX with “very high level”
• Common Criteria EAL+4
And we are compliant with ID06 Vaultit
ISMS, Information Security Management System
Our ISMS is based on ISO27001 to work with information security in a structured manner and to guarantee data security. Our ISMS is a central management system and is applied to the entire Nexus Group in different countries.
Security is the responsibility of everyone who works for Nexus. We train our employees so they can identify security risks and empower them to take action to prevent bad things from happening.
The main security measures and controls we have for personnel security are:
• Background checks for our employees
• Signed confidentiality agreements (NDA)
• IPR requirements
• Code of conduct
• On/offboarding processes
• Acceptable use policy
All Nexus premises are equipped with an access control system that regulates access so that only authorized persons can enter the premises. Nexus offices are segmented into different zones with restricted access, depending on the sensitivity of the operations. The premises are protected by physical security in accordance with the Swedish Theft Prevention Association's (Svenska Stöldskyddsföreningen) “Rules on burglary protection – Buildings and premises” or equivalent for Nexus offices in other countries.
All equipment containing information with availability requirements belonging to Nexus or its partners is protected against environmental threats such as fire, flooding, etc.
Protecting identity and personal data is a part of Nexus DNA. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) and other data protection laws is for us not only a matter of compliance but also vital for our reputation as a security company.
We secure our information and information systems by using MFA. Access to our systems and infrastructure is restricted only to those who need access in order to provide service and support.
We strive to use SSO in all our systems to make it easier to manage access rights in the on/offboarding process.
Business Continuity/Disaster Recovery
Our Business Continuity Plan outlines how our business will continue operating during an unplanned disruption, to provide consistent operation and services to our customers. In the event of a disaster, our Crisis Unit can respond and recover quickly so that customers receive service according to the agreement.
Intellectual property rights (IPR)
All Nexus operations are managed so that intellectual property rights are respected, and all managers and employees are informed about IPR requirements before signing an employment contract (general IPR requirements are compiled as an appendix to Nexus employment contracts).
Teleworking (Remote work)
Information security requirements when teleworking are the same as when working from Nexus premises.
We take a daily backup of all production information systems, with offsite storage of backups.
Vulnerability scanning and penetration testing
We perform continual vulnerability scanning and penetration testing of our production environment.