---
title: "Security Statement"
slug: "security-statement"
updated: 2023-01-31T10:40:18Z
published: 2023-01-31T10:40:18Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nexudus.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Statement

Nexudus will implement and maintain the following security measures:

1. Organisational management and dedicated staff responsible for the development, implementation and maintenance of Nexudus’ information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Nexudus’ organisation, monitoring and maintaining compliance with Nexudus’ policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include at a minimum logical segregation of data, restricted (e.g. role-based) access and monitoring, and utilisation of commercially available and industry standard encryption technologies for Customer Personal Data.
4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions.
5. Password controls designed to manage and control password strength, expiration and usage.
6. System audit or event logging and related monitoring procedures to proactively record user access and system activity.
7. Physical and environmental security of data centers, server room facilities and other areas containing Customer Personal Data designed to protect information assets from unauthorised physical access or damage.
8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Nexudus’ possession.
9. Change management procedures and tracking mechanisms designed to test, approve and monitor all material changes to Nexudus’ technology and information assets.
10. Incident management procedures designed to allow Nexudus to investigate, respond to, mitigate and notify of events related to Nexudus’ technology and information assets.
11. Network security controls that provide for the use of enterprise firewalls and intrusion detection systems designed to protect systems from intrusion and limit the scope of any successful attack.
12. Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
13. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.