System & Organizational Controls (SOC) Audits
NAVEX Global has and will maintain an annual SOC 2 Type II, or equivalent report covering the security measures and facilities involved in the provision of its services, which specifically include privacy controls. This means internal controls are managed and reported on in a standardized way, so users understand the controls and audits that are regularly conducted at NAVEX Global.
Standardized Data Questionnaires
To provide visibility to our customers on how we process and use their data, NAVEX Global has designed a standardized data questionnaire with supporting documentation upon request to give you a comprehensive view of how we protect your data.
Our customers own their data that resides within our systems. Our products process customer data strictly to provide the intended services and remain in accordance with its customer’s instructions.
Encrypted Backup of Customer Data
NAVEX Global employs encryption at rest using either full-disk encryption or within the database using TDE.
Backups are stored in our primary US-based data center and replicated to our backup data center through encrypted and secure channels. Our databases are consistently backed up every 15 minutes, and our systems nightly to meet NAVEX Global’s defined Recovery Point Objective.
For more detail on storage in relation to the specific product or service used by you, as a customer, please contact your account executive or our customer support team.