Security

Think. Build. Connect. Run.

Built to make security a priority.

Security standards

The design of our security and trust architecture recognises the mission critical nature of what we provide to our customers.

Built around a fully distributed, scalable architecture and independently audited NowWeComply works intimately with some of the world's best-in-class infrastructure and security vendors to deliver true Enterprise grade security and assurance.

Operating a multi-layered approach to service provision and data protection NowWeComply's Process automation platform is built around a true multi-tenant, multi-zone, N+1 throughout redundant architecture with a 99.999% network uptime SLA.

Security content

Trusted Infrastructure

Our infrastructure is provided by Amazon AWS – the world’s leading datacentre provider, trusted by many of the world’s largest and best respected companies. Key features include:

  • Based in EU (Ireland) Region (EC2 Availability Zones: 3), other countries including USA on request
  • ISO27001 - accredited datacentre and infrastructure
  • N+1 redundant throughout, supporting a 99.9999% uptime SLA
  • Multi-tenant architecture with single code repository
  • Fully independent client data storage repositories
  • Private cloud options available for companies that wish to host their own infrastructure

Secure Platform Architecture

We designed our platform architecture to prioritise business continuity with high levels of privacy and security for our customers’ data. Main call-outs are:

  • Segregated data for each customer (no shared data)
  • Dedicated storage can be located in any geographic region for your own regulatory compliance
  • Support for per-customer encryption keys (with customer managed HSMs optional too)
  • HIPAA-compliant options available, with Transparent Data Encryption if required
  • Support for SAML and other auth options  - can be adapted to specific policy requirements
  • Dual-factor authentication using hardware keys also optional
  • Customisable API access and reporting restrictions by IP and date range

Accreditations and Standards

Our systems are security audited (Penetration tested) by QuinetiQ, one of the world’s foremost cyber-security authorities.

AWS Infrastructure itself is also audited against the following standards:

  • HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1
  • ISO 27001, FedRAMP (SM)
  • DIACAP and FISMA
  • ITAR, FIPS 1402
  • CSA, MPAA