Information Security Policy
V2.0 – 10-03-2023
-
Introduction
This document aims to answer the most frequently asked questions regarding NxtPort’s Information Security Policy. Capitalized terms used in this Information Security Policy and not separately defined shall have the respective meanings ascribed in the Customer Specific Agreement.
-
Data Centers
NxtPort’s goal is to enable you to share your information through API’s. For most use cases NxtPort collects your Data, stores it and indexes it. At all times do you, the Data Provider, keep full ownership over your Data. Protecting your Data and the Data of your customers is extremely important to us.
If this document does not answer your questions and you require more in-depth information about NxtPort’s Information Security Policy, please do not hesitate to contact us via https://nxtport-international.zendesk.com or email ([email protected]).The NxtPort platform runs on the Microsoft Azure Cloud platform and therefore in Microsoft’s data centres. Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402) and SOC 2 (AT Section 101) standards. More information is available on The Microsoft website.
The NxtPort platform only deploys services on (Tier 4) Microsoft Azure data centres in West Europe. -
Misuse
NxtPort aims to be at the forefront of compliance and delivery. Live data can never be accessed by anonymous parties. A Data User can access Data only if granted that access by the Data Provider. Additionally, NxtPort closely checks API usage and, if detecting an account with indications of suspicious activity, takes immediate action as appropriate for the specific case, such as suspension of access, contacting the Subscriber and/or contacting the Data Provider.
-
Application Security
NxtPort fully understands the importance of that software security. In addition to continuously scanning its code for vulnerabilities, NxtPort also:
- Securely transfers all your Data and encrypts it at rest;
- Is planning an independent penetration test in 2023, to be repeated annually;
- Is ISO 27001 and 27002 certified.
If you identify a vulnerability in a NxtPort site or service, you can place it to us via https://nxtport-international.zendesk.com or email ([email protected]).
-
Operational Security
Access to NxtPort systems and your Data is restricted only to those who need access to provide you with maximum support. NxtPort maintains a strict separation between its development, test, and production environments.
With its employees, contractors, and vendors working on its behalf, NxtPort has in place:- Signed confidentiality agreements;
- Termination/access removal processes;
- Acceptable use agreements.
Security is the responsibility of everyone who works for NxtPort. NxtPort trains its employees to identify security risks and empowers them to take action to prevent bad things from happening.
-
Business Continuity/Disaster Recovery
By deploying its platform to the Microsoft Azure Cloud platform, which has redundant and geographically separate data centres, NxtPort can provide you with consistent services. All service layers (ingestion, storage, processing, API management and identity management) are deployed with redundancy to allow for quick recovery in case a single data centre goes down.
-
Privacy
You can review the NxtPort International privacy policy, but let us already state very clearly that we are committed to the confidentiality of your Data.