Data security and privacy is core to NAVEX Global and is embedded in the foundation of each solution.
Our products are specifically designed to help you safeguard your organization’s data and support your compliance with global regulations. Privacy by design is the default for our products and services.
ISO 27001
ISO 27001 is an international standard on how to manage the people, processes and technologies to protect and secure your information. One must design and implement a suite of information security controls and adopt an overarching management process to ensure the controls meet the organization’s security needs on an ongoing basis. NAVEX Global’s primary data centers located in North America and the EU maintain ISO 27001.
System & Organizational Controls (SOC) Audits
NAVEX Global has and will maintain an annual SOC 2 Type II, or equivalent report covering the security measures and facilities involved in the provision of its services, which specifically include privacy controls. This means internal controls are managed and reported on in a standardized way, so users understand the controls and audits that are regularly conducted at NAVEX Global.
Standardized Data Questionnaires
To provide visibility to our customers on how we process and use their data, NAVEX Global has designed a standardized data questionnaire with supporting documentation upon request to give you a comprehensive view of how we protect your data.
Data Ownership
Our customers own their data that resides within our systems. Our products process customer data strictly to provide the intended services and remain in accordance with its customer’s instructions.
Encrypted Backup of Customer Data
NAVEX Global employs encryption at rest using either full-disk encryption or within the database using TDE.
Backups are stored in our primary US-based data center and replicated to our backup data center through encrypted and secure channels. Our databases are consistently backed up every 15 minutes, and our systems nightly to meet NAVEX Global’s defined Recovery Point Objective.
For more detail on storage in relation to the specific product or service used by you, as a customer, please contact your account executive or our customer support team.