Normative employs comprehensive security measures at the organizational, architectural, and operational levels to ensure that your data remain safe.
Normative has an in-house security team, including dedicated heads of compliance and security engineering, building an ISMS aligned to ISO 27001:2022. Normative has engaged an external UKAS-accredited auditor to audit and certify the ISMS in 2024Q1.
To summarize, security measures include but are not limited to:
- Trusted architecture vendors (AWS, Atlas MongoDB, Auth0 & Cloudflare), with EU data hosting of all financial transaction data;
- Pre-employment screening;
- Org-wide security awareness programs and developer security training;
- Annual gray-box penetration tests and weekly vulnerability scans (the results of both can be shared on request), plus vulnerability management processes;
- A WAF (Web Application Firewall) protecting the application, which is hosted on an AWS VPC (Virtual Private Cloud);
- Cryptography management including encryption of all data at rest & in transit;
- Multi-factor authentication functionality for Customer Users, and VPNs for access to Normative’s engineering architecture.