Frequently Asked Security Questions for Symphia NowForce
Data Collection and Retention
A: Yes. Symphia NowForce holds an ISO 27001 certificate; you can view the certificate here.
A: Symphia NowForce adheres to GDPR requirements, including data privacy measures, user privacy rights and access rights to the system, but does not hold an official GDPR compliance certificate.
A: Client data is stored in three locations: MS SQL data is stored on AWS; MongoDB data is stored on MongoDB Atlas; and raw data is stored in AWS S3.
A: AWS CloudWatch is used for logging and monitoring of the WebAPI logs.
Security Controls
A: We use a WAF with XSS policies to block malicious XML input; in addition, the Symphia NowForce API uses XML with an enforced input whitelist (allow-list), so any element or value not explicitly permitted is rejected.
A: We use a WAF with relevant policies and use Veracode to scan our code for vulnerabilities.
A: Symphia NowForce uses a WAF with relevant, up-to-date policies. In addition, an external company performs annual penetration tests, including tests for XSS vulnerabilities.
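To make the "enforced whitelist input" answer concrete, the following is an added example written for this page (it is not Symphia NowForce code and does not describe the product's actual API). It assumes a hypothetical XML message type, `incidentUpdate`, whose permitted child elements and value patterns are listed in `ALLOWED_FIELDS`; the sample payloads at the bottom are constructed. The point is that an allow-list validator rejects everything it has not explicitly permitted: unknown elements, attributes, nesting, DTD/entity declarations (which cover XXE and entity-expansion attacks) and values that do not match the expected pattern, so a script tag in a free-text field never reaches the application.

```python
"""Added illustration: an allow-list (whitelist) check on XML input.

Example code written for this page, not Symphia NowForce code; the element
names, limits and sample messages are hypothetical.
"""
import re
import xml.etree.ElementTree as ET

# Hypothetical allow-list: element name -> pattern its text content must match.
ALLOWED_FIELDS = {
    "incidentId": re.compile(r"[0-9]{1,12}"),
    "status": re.compile(r"open|closed|dispatched"),
    "note": re.compile(r"[A-Za-z0-9 .,\-]{0,200}"),
}
ROOT_TAG = "incidentUpdate"
MAX_BYTES = 4096


class RejectedInput(ValueError):
    """Raised when the input fails the allow-list or structural checks."""


def validate_incident_xml(raw: bytes) -> dict:
    """Return the validated fields as a dict, or raise RejectedInput.

    Checks, in order: size cap, no DOCTYPE/ENTITY declarations (blocks XXE and
    entity expansion before the parser sees them), well-formedness, expected
    root element, no attributes, every child on the allow-list, no nesting or
    duplicates, and text matching the field's pattern. Anything not explicitly
    allowed is rejected.
    """
    if len(raw) > MAX_BYTES:
        raise RejectedInput("payload too large")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise RejectedInput("DTD/entity declarations are not allowed")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise RejectedInput(f"malformed XML: {exc}") from exc
    if root.tag != ROOT_TAG or root.attrib:
        raise RejectedInput("unexpected root element or attributes")
    fields = {}
    for child in root:
        if child.tag not in ALLOWED_FIELDS:
            raise RejectedInput(f"element not on allow-list: {child.tag}")
        if child.attrib or len(child) > 0:
            raise RejectedInput(f"attributes/nesting not allowed in {child.tag}")
        if child.tag in fields:
            raise RejectedInput(f"duplicate element: {child.tag}")
        text = child.text or ""
        if not ALLOWED_FIELDS[child.tag].fullmatch(text):
            raise RejectedInput(f"value rejected for {child.tag}")
        fields[child.tag] = text
    if "incidentId" not in fields:
        raise RejectedInput("incidentId is required")
    return fields


def classify(raw: bytes) -> str:
    """Convenience wrapper returning 'accepted' or 'rejected: <reason>'."""
    try:
        validate_incident_xml(raw)
        return "accepted"
    except RejectedInput as exc:
        return f"rejected: {exc}"


# Constructed sample inputs (not real traffic).
GOOD = b"<incidentUpdate><incidentId>4711</incidentId><status>open</status></incidentUpdate>"
SCRIPT = (b"<incidentUpdate><incidentId>4711</incidentId>"
          b"<note>&lt;script&gt;alert(1)&lt;/script&gt;</note></incidentUpdate>")
XXE = (b'<!DOCTYPE x [<!ENTITY e SYSTEM "file:///etc/passwd">]>'
       b"<incidentUpdate><incidentId>&e;</incidentId></incidentUpdate>")
UNKNOWN = b"<incidentUpdate><incidentId>1</incidentId><role>admin</role></incidentUpdate>"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("script", SCRIPT), ("xxe", XXE), ("unknown", UNKNOWN)]:
        print(f"{name}: {classify(sample)}")
```

The DOCTYPE check runs on the raw bytes before parsing because the standard-library parser is not the right place to discover an entity attack; in a real deployment you would also cap request size at the WAF or web server, as this example does only in code.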
Application Security
A: We use Veracode to run static code analysis during the development of every version of our product.
A: Yes, test reports are managed internally and can be requested from the Customer Success team.
A: Yes. NowForce uses OAuth 2.0, whose core framework is defined in RFC 6749, for authentication.
Access Control
A: OAuth 2.0 is used.
A: Yes, these are logged and stored.
Data Control
A: Data in transit is encrypted with TLS 1.2, and data at rest is encrypted for all database data.
A: We use OAuth 2.0 for authentication and TLS 1.2 for all communications between the Symphia NowForce API and third parties.
A: No. We use TLS as the encryption mechanism for secure communications. The encryption provided by TLS is more robust than data obfuscation, providing stronger confidentiality and data integrity.
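The three answers above all rest on TLS 1.2 being the floor for API traffic. As an added example, not Symphia NowForce code and not a description of the product's own client, here is how a third-party integrator would build a client-side TLS context that refuses anything older than TLS 1.2 and requires a verified server certificate, together with a small audit function that flags the common ways such a context gets weakened. No network connection is opened; the functions only build and inspect `ssl.SSLContext` objects.

```python
"""Added illustration: a client TLS context that enforces TLS 1.2 or newer.

Example code written for this page, not Symphia NowForce code. It uses only the
Python standard library and opens no network connection.
"""
import ssl


def make_tls12_client_context() -> ssl.SSLContext:
    """Build a client context: TLS 1.2 minimum, certificate and hostname checks on."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.check_hostname = True                     # server name must match the certificate
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverifiable certificate = handshake failure
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """A deliberately weakened context, of the kind seen in quick integration scripts:
    certificate verification switched off so that 'it just works'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context is acceptable."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(make_tls12_client_context()) or "no findings")
    print("weak:    ", audit_context(make_weak_context()))
```

With the hardened context, `ctx.wrap_socket(sock, server_hostname=host)` fails the handshake against a server that offers only TLS 1.0/1.1 or presents an untrusted certificate, which is the behaviour you want when the counterpart promises TLS 1.2: the client, not just the server, should refuse a downgrade.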