- 31 Jan 2023
- 1 Minute to read
- Updated on 31 Jan 2023
- 1 Minute to read
Nexudus will implement and maintain the following security measures:
Organisational management and dedicated staff responsible for the development, implementation
and maintenance of Nexudus’ information security program.
Audit and risk assessment procedures for the purposes of periodic review and assessment of
risks to Nexudus’ organisation, monitoring and maintaining compliance with Nexudus’ policies and
procedures, and reporting the condition of its information security and compliance to internal
Data security controls which include at a minimum logical segregation of data, restricted (e.g.
role-based) access and monitoring, and utilisation of commercially available and industry
standard encryption technologies for Customer Personal Data.
Logical access controls designed to manage electronic access to data and system functionality
based on authority levels and job functions.
Password controls designed to manage and control password strength, expiration and usage.
System audit or event logging and related monitoring procedures to proactively record user
access and system activity.
Physical and environmental security of data centers, server room facilities and other areas
containing Customer Personal Data designed to protect information assets from unauthorised
physical access or damage.
Operational procedures and controls to provide for configuration, monitoring and maintenance of
technology and information systems, including secure disposal of systems and media to render all
information or data contained therein as undecipherable or unrecoverable prior to final disposal or
release from Nexudus’ possession.
Change management procedures and tracking mechanisms designed to test, approve and
monitor all material changes to Nexudus’ technology and information assets.
Incident management procedures designed to allow Nexudus to investigate, respond to, mitigate
and notify of events related to Nexudus’ technology and information assets.
Network security controls that provide for the use of enterprise firewalls and intrusion detection
systems designed to protect systems from intrusion and limit the scope of any successful attack.
Vulnerability assessment and threat protection technologies and scheduled monitoring
procedures designed to identify, assess, mitigate and protect against identified security threats,
viruses and other malicious code.
Business resiliency/continuity and disaster recovery procedures designed to maintain service
and/or recovery from foreseeable emergency situations or disasters.