Application Security

 

Application Security Statement

At Nova, we understand the paramount importance of application security and the security of the infrastructure used for data storage and processing. We are dedicated to ensuring the confidentiality, availability, and integrity of all information handled by our system. This document provides a detailed overview of the security measures currently in place within our production environment.

Secure Infrastructure

Our underlying Infrastructure-as-a-Service (IaaS) provider is AWS, with Heroku, a Salesforce Platform-as-a-Service (PaaS), providing application management on top. We also have databases managed by MongoDB Atlas. These infrastructure partners conform to SOC-2 and ISO 27001 security standards.

https://www.heroku.com/compliance

https://aws.amazon.com/compliance

https://www.mongodb.com/products/platform/trust

Encryption

At-rest data encryption is implemented using Amazon S3-managed keys (SSE-S3).

  • Database encryption is enabled.
  • HTTPS communication is enforced.

Backups

  • Both object storage and database storage have high information consistency policies enabled.
  • We utilize continuous automated backups and rollback points for object storage and database storage.

Password Security

  • Passwords are salted and hashed with the SHA-512 algorithm.
  • Strong passwords are enforced.

Logging

  • Logs are enabled for backend actions.
  • All requests and backend actions are logged.

High Availability

  • All application components have redundancy and high availability.
  • We utilize Heroku for availability, application resiliency and scale.

Status Monitoring

Production application uptime is continuously monitored and relevant personnel will be alerted to issues immediately.

Change Management

We utilize a formal software development lifecycle methodology to manage application changes gracefully.

Logical Lowest-Level Access Policy

Access to data and systems is only provided to personnel when necessary, and access is removed when no longer necessary.

Multi-Factor Authentication (MFA)

Internal accounts that access operating platforms always have multi-factor authentication enforced. We are committed to maintaining the highest level of security for our SaaS platform and ensuring the safety of our customer data.

If you have any additional questions or requirements, contact our team at contact@novatools.org.
