We take security extremely seriously. Through rigorous security checks, safe data storage, employee screenings and compliance with every available regulation, we can ensure the safety, stability and reliability of our platform.
Encryption in transit and at rest
Notiv supports encryption of customer data in transit and at rest. All communications with Notiv servers are encrypted using industry standard TLS by default. This includes traffic between you and Notiv, and between Notiv and our configured integrations.
Our disaster recovery program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating disaster recovery plans, and testing.
Our physical infrastructure is hosted and managed within Amazon's secure data centers andutilize the Amazon Web Service (AWS) technology. Amazon continually manages risk andundergoes recurring assessments to ensure compliance with industry standards. Amazon'sdata center operations have been accredited under SSAE 16, PCI DSS Level 1, ISO 9001 / ISO 27001, FISMA Moderate and Sarbanes-Oxley (SOX). We use data centers based in the United States.
AWS data centers are housed in nondescript facilities , and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in continually escorted by authorized staff.
Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, and regular audits.
Access to our production network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the production network are required to use multiple factors of authentication.
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
We use leading tools and techniques to protect against common security vulnerabilities. These include,but are not limited to, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection.
We employ a full suite of secure software development activities and controls. This starts with the design of our applications and follows through to implementation, down to individual hardware devices.
Development and test environments are separated physically and logically from the production environment. No actual customer data is used in the development or test environments.
API Security and Authentication
Notiv's data access API is TLS-only and you must be a verified user to make API requests. You can authenticate against the API using your username and password.
Access to data within Notiv is governed by role and access rights configured within our organization.