Data security and privacy is core to NAVEX Global and is embedded in the foundation of each solution.
Our products are specifically designed to help you safeguard your organisation's data and support your compliance with global regulations. Privacy by design is the default for our products and services.
ISO 27001
ISO 27001 is an international standard on how to manage the people, processes and technologies to protect and secure your information. One must design and implement a suite of information security controls and adopt an overarching management process to ensure the controls meet the organisation's security needs on an ongoing basis. NAVEX Global’s primary data centres located in the EU and North America maintain ISO 27001.
System & Organizational Controls (SOC) Audits
NAVEX Global has and will maintain an annual SOC 2 Type II, or equivalent report covering the security measures and facilities involved in the provision of its services, which specifically include privacy controls. This means internal controls are managed and reported on in a standardised way, so users understand the controls and audits that are regularly conducted at NAVEX Global.
Standardised Data Questionnaires
To provide visibility to our customers on how we process and use their data, NAVEX Global has designed a standardised data questionnaire with supporting documentation upon request to give you a comprehensive view of how we protect your data.
Data Ownership
Our customers own their data that resides within our systems. Our products process customer data strictly to provide the intended services and remain in accordance with its customer’s instructions.
Encrypted Backup of Customer Data
NAVEX Global employs encryption at rest using either full-disk encryption or within the database using TDE.
Backups are stored in our primary EU-based data centre and replicated to our backup data centre through encrypted and secure channels. Our databases are consistently backed up every 15 minutes, and our systems nightly to meet NAVEX Global’s defined Recovery Point Objective.
For more detail on storage in relation to the specific product or service used by you, as a customer, please contact your account executive or our customer support team.