Security practices

The foundation of SYNAPS is the security of our customers’ data, and as such we make ensuring SYNAPS security our first priority. We believe that transparency is a critical component of building and enhancing trust, both internally and externally with our customers and partners, so we endeavor to be as clear and open as we can about our security practices.

Security Awareness

SYNAPS runs its business using effective security procedures, including:
  • Documented security policies and procedures;
  • Regular, in-depth security training for all employees;
  • Background checks and confidentiality agreements for all Nomad employees.

Confidentiality

Nomad has strict controls over our employees’ access to the data within the SYNAPS service as defined in your Terms of Service agreement. As such, we are committed to ensuring that customer data is not seen by anyone who should not have access to it. Smooth operation of the SYNAPS service requires that some of our employees have access to the systems that store and process customer data. For example, in some cases diagnosing and resolving customer issues requires such access. That being said, employees are prohibited from using these permissions to access customer data unless it is necessary to do so.

Encryption, Password Hashing

SYNAPS helps you prevent critical identity data from falling into the wrong hands. We never store passwords in clear text; they are stored in a manner consistent with NIST guidelines.

Data is encrypted both at rest and in motion - all network communication uses TLS. In addition, full-disk encryption and screen locks are mandatory for all endpoints and development systems.

Account Verification

SYNAPS safeguards clients with default email verification at account creation time and during password resets.

Standards-based Identity

From the start, SYNAPS has been built on tested, verified identity standards, including JWT - JSON Web Token, an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Physical Security

The environment that hosts SYNAPS services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

Compliance and Certifications

Nomad has engaged The Cadence Group to assist in our aggressive plan to obtain SOC2 certification relevant to Security, Availability and Confidentiality.

Nomad Service Organization Control (SOC2) Reports are independent third-party examination reports that demonstrate how Nomad achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the security, availability and confidentiality controls established to support operations and compliance.

We invite our current and potential new customers to periodically review and track our progress as we work towards obtaining our SOC2 report by Q4 2017. Our roadmap is as follows:

Phase        Objective                    Timeline       Status
Phase I:     Readiness Assistance         2016 - 2017    in-progress
Phase II:    Type I Attestation Audit     Q4 2017        not started
Phase III:   Type II Attestation Audit    2018           not started

About The Cadence Group

The Cadence Group (www.thecadencegroup.com) specializes in providing IT and Finance assurance and advisory services, helping organizations of all types and sizes meet internal compliance initiatives and external requirements. They have a strong history in performing SOC reports (SSAE16/SOC1, SOC2, SOC3) for clients across various industries.