The foundation of SYNAPS is the security of our customers’ data, and as such we make ensuring SYNAPS security our first priority. We believe that transparency is a critical component of building and enhancing trust, both internally and externally with our customers and partners, and so we endeavor to be as clear and open as we can about our security practices.
Nomad has strict controls over our employees’ access to the data within the SYNAPS service as defined in your Terms of Service agreement. As such, we are committed to ensuring that customer data is not seen by anyone who should not have access to it. Smooth operation of the SYNAPS service requires that some of our employees have access to the systems that store and process customer data. For example, in some cases diagnosing and resolving customer issues requires such access. That being said, employees are prohibited from using these permissions to access customer data unless it is necessary to do so.
SYNAPS helps you prevent critical identity data from falling into the wrong hands. We never store passwords in clear text; they are stored in a manner consistent with NIST guidelines.
Data is encrypted both at rest and in motion; all network communication uses TLS. In addition, full-disk encryption and screen locks are mandatory for all endpoints and development systems.
SYNAPS safeguards clients with default email verification at account creation time and during password resets.
From the start, SYNAPS has been built on tested, verified identity standards, including JSON Web Token (JWT), an open standard (RFC 7519) that defines a compact and self-contained way of securely transmitting information between parties as a JSON object.
The environment that hosts SYNAPS services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
Nomad has engaged The Cadence Group to assist in our aggressive plan to obtain SOC2 certification relevant to Security, Availability and Confidentiality.
Nomad Service Organization Control (SOC2) Reports are independent third-party examination reports that demonstrate how Nomad achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the security, availability and confidentiality controls established to support operations and compliance.
We invite our current and potential new customers to periodically review and track our progress as we work towards obtaining our SOC2 report by Q4 2017. Our roadmap is as follows:
Phase | Objective | Timeline | Status |
---|---|---|---|
Phase I: | Readiness Assistance | 2016 - 2017 | in-progress |
Phase II: | Type I Attestation Audit | Q4 2017 | not started |
Phase III: | Type II Attestation Audit | 2018 | not started |
The Cadence Group (www.thecadencegroup.com) specializes in providing IT and Finance assurance and advisory services, helping organizations of all types and sizes meet internal compliance initiatives and external requirements. They have a strong history of performing SOC reports (SSAE16/SOC1, SOC2, SOC3) for clients across various industries.