SECURITY AT NURALOGIX

At Nuralogix, securing customer data is a top priority. To that end, we have a dedicated information security program to protect the confidentiality, integrity, and availability of customers' data, and the security program is aligned with regulatory and legal requirements.

Our security program encompasses organizational and technical security controls that protect against unauthorized access, theft, and use of customer data. Nuralogix's security strategy is continuously updated as the security threat landscape changes.

Regulatory Compliance

 

 

 

Enterprise-Grade Security

We take compliance seriously and have therefore demonstrated compliance with leading data protection and privacy policies: AICPA SOC 2, PIPEDA, HIPAA and EU GDPR. We have adopted several frameworks and internal policies that are based on these compliance policies. These include:

  • Secure Software Development Cycle

  • Application Security Testing

  • Security By Design

  • Access Controls

  • Network Segmentation

  • Data Encryption

  • System Hardening

  • Logging and Monitoring

  • Business Continuity & Disaster Recovery 

  • Compliance

Report a Data Security Problem

If you wish to report data protection issues, let us know below.

 

Organizational Security

 

• All employees receive continuous security, privacy, and compliance training at Nuralogix.

• NuraLogix maintains a risk-based assessment security program to identify and remediate threats.

• Security policies and standards are reviewed at least annually by senior management and made available to employees for reference.

• Third-party security due diligence is performed on all service providers.

• The business continuity plan is reviewed and tested at least annually.

• Independent third-party audit using SSAE 18 SOC 2 standards.

Privacy

• Nuralogix has developed a privacy program to meet the continuously evolving data protection requirements and regulations. We monitor and align our privacy strategy to ensure that privacy requirements made to our customers and partners are met.

• Nuralogix maintains continuous employee security and privacy awareness training so that employees understand the importance of the company's privacy program.

• Additionally, we adopt and integrate the principles of Privacy by Design from the initial phase through to the release of our solution.

• Nuralogix complies with the GDPR, PIPEDA and HIPAA regulations.

Please send privacy-related enquiries to privacy@nuralogix.ai 

Technical Security

 

  • Encryption: We use Transport Layer Security (at least TLS 1.2) encryption for all customer data transfers, and the AES algorithm with a key size of 256 bits to encrypt all data at rest.

  • Vulnerability Management: Nuralogix maintains a third-party tool to conduct vulnerability scans that identify, assess and remediate vulnerabilities.

  • Penetration Testing: We engage reputable independent third-party organizations to conduct penetration tests and detect vulnerabilities, which are triaged and remediated according to their criticality.

  • Role-Based Access Control: Access is authorized based on role and responsibilities. Access is reviewed at least bi-annually. Upon termination, employee access is promptly removed.

  • Next-Generation Firewall: Nuralogix has deployed a next-generation firewall (NGFW) for application and network-level security to safeguard its DeepAffex information assets. This provides multi-layered protection for breach prevention with advanced capability for role-based access control and intrusion prevention.

  • Logging and Monitoring: We continuously log and monitor the platform to detect suspicious events and generate alerts, which are handled in line with best practices to eliminate threats. Potential threats are discovered before they lead to a security breach.

AICPA SOC 2

 

We are audited by independent auditors to ensure compliance with AICPA SOC 2 Type II controls, thereby ensuring the confidentiality, security and protection of customer data.

 

We are compliant with Canadian PIPEDA law and ensure adequate consent is obtained for data collection. We also have formal controls and best practices to ensure the security and privacy of customer data.

We are HIPAA compliant, which ensures we safeguard our customers' health data. All personal health information is processed within the security and privacy guidelines specified under HIPAA.

We are GDPR compliant, which means we have controls that ensure transparency in the data collection process along with compliance in data processing. Adequate measures have been taken in alignment with EU GDPR guidelines and policies to ensure the security and privacy of customer data.