SECURITY AT NURALOGIX

At NuraLogix, ensuring customer data is safe is a top priority. We have a dedicated information security program in place that is aligned with regulatory and legal requirements to protect the confidentiality and integrity of all customer data.

Our security program encompasses organizational and technical security controls that protect against unauthorized access, theft, and use of customer data. We are constantly updating the NuraLogix security strategy as the security landscape evolves.

Regulatory Compliance

Enterprise-Grade Security

At NuraLogix, we take compliance seriously. As a result, we have demonstrated compliance with multiple leading data protection and privacy policies, including AICPA SOC 2, PIPEDA, HIPAA and EU GDPR. We have several frameworks and internal policies in place that are based on these compliance policies. These include:

  • Secure Software Development Cycle

  • Application Security Testing

  • Security By Design

  • Access Controls

  • Network Segmentation

  • Data Encryption

  • System Hardening

  • Logging and Monitoring

  • Business Continuity & Disaster Recovery

  • Compliance

Report a Data Security Problem

Have a data protection issue to report? Let us know below.

 

Organizational Security

 

• All employees receive continuous security, privacy, and compliance training at NuraLogix.

• NuraLogix maintains a risk-based assessment security program to identify and remediate threats.

• Security policies and standards are reviewed at least annually by senior management and made available to employees for reference.

• Third-party security due diligence is performed on all service providers.

• The business continuity plan is reviewed and tested at least annually.

• An independent third-party audit is performed using SSAE 18 SOC 2 standards.

Privacy

• NuraLogix has developed a privacy program to meet continuously evolving data protection requirements and regulations. We monitor and align our privacy strategy to ensure that privacy requirements made to our customers and partners are met.

• NuraLogix maintains continuous employee security and privacy awareness training so that employees understand the importance of the company privacy program.

• Additionally, we adopt and integrate the principles of Privacy by Design from the initial phase through to the release of our solution.

• NuraLogix complies with the GDPR, PIPEDA and HIPAA regulations.

Please send privacy-related enquiries to privacy@nuralogix.ai

Technical Security

 

  • Encryption: We use Transport Layer Security (at least TLS 1.2) encryption for all customer data transfers, and the AES algorithm with a key size of 256 bits to encrypt all data at rest.

 

  • Vulnerability Management: NuraLogix maintains a third-party tool for conducting vulnerability scans to identify, assess and remediate vulnerabilities.

 

  • Penetration Testing: We engage reputable independent third-party organizations to conduct penetration tests and detect vulnerabilities, which are triaged and remediated according to their criticality.

 

  • Role-Based Access Control: Access is authorized based on role and responsibilities. Access is reviewed at least bi-annually. Upon termination, employee access is promptly removed.

 

  • Next-Generation Firewall: NuraLogix has deployed an NGFW for application and network-level security to safeguard its DeepAffex information assets. This provides multi-layered protection for breach prevention with advanced capability for role-based access control and intrusion prevention.

 

  • Logging and Monitoring: We continuously log and monitor the platform to detect suspicious events and generate alerts, which are handled in line with best practices to eliminate threats. Potential threats are discovered before they lead to a security breach.

AICPA SOC 2

 

We are audited by independent auditors for compliance with AICPA SOC 2 Type II controls to ensure the confidentiality, security and protection of customer data.

 

We are compliant with Canadian PIPEDA law and ensure adequate consent is obtained for data collection. We also have formal controls and best practices in place to ensure the security of customer data.

We are HIPAA compliant, which ensures we safeguard our customers' health data. All personal health information is processed within the security and privacy guidelines specified under HIPAA.

We are GDPR compliant, which means we have controls in place to ensure transparency in the data collection process. Adequate measures have been implemented in alignment with EU GDPR guidelines and policies to ensure the security and privacy of all customer data.