At NOQX, we recognize that customer information and data are the most critical aspects and key success factors in our business. Earning and maintaining our customers’ trust in how we handle their data is essential for driving NOQX forward as the leading collaboration and goal setting platform vendor.
Security Controls
At NOQX, security is our top priority. We adhere to industry best practices and policies and have implemented several security controls, including but not limited to:
- Access Controls: We have robust mechanisms for provisioning users, allowing customers to view their users and their access privileges for licensed users.
- System and Application Logging: Where technically feasible, we retain logs as needed to ensure system integrity.
- Password Policy and Controls: We enforce password complexity requirements and controls to protect data.
- Use of Processors: To enhance scalability, we employ processors that maintain the highest levels of security and hold current certifications, including ISO27001 and SOC2 Type 2. A list of processors is available on our website.
- Continuous Security Analysis: We conduct ongoing static code security analysis and track dependency vulnerabilities.
Operational Security
Operating a service requires a strong focus on structure and best practices, with clear procedures and expectations. At NOQX, we have implemented the following measures:
- Business Continuity and Disaster Recovery Plan: We have comprehensive plans that are regularly tested. These plans cover the infrastructure and applications used to host customer information and provide services to our customers.
- Thorough Monitoring: Our operations are monitored with uptime checks, logs, and trend analysis. Significant issues trigger 24/7 alerts.
- Continuous Service Availability: We do not have maintenance windows; our service is expected to be continuously available.
Data Security
NOQX is strongly committed to our customers’ data security. Compliance with the GDPR is a top priority, reflecting our dedication to personal data protection in Europe. We ensure:
- Data Encryption: All customer and user data is encrypted at rest and in transit, where applicable.
- Data Backups: Customer and user data is continuously backed up.
- Production Data Use: We do not use production data outside of the production environment.
- Data Transfers: We never transfer data outside Europe/EEA without appropriate safeguards in place.
People Security
We ensure the security of our personnel through the following measures:
- Secure Login: All employees must securely log into company services using MFA.
- Access Control: Access levels are determined by job position, with periodic access reviews and immediate removal when access is no longer necessary. We enforce the principle of least privilege and promptly close user accounts upon employment termination.
- Confidentiality Agreements: Employees sign confidentiality agreements in accordance with applicable laws.
- Training: Employees receive training in Information Security and Secure Development Practices.
By implementing these comprehensive security measures, NOQX ensures the protection of customer information and the integrity of our services.