Ninth Wave Achieves SOC 2 Type 1 Certification
Posted by Almon Tse October 29, 2020 11:30 am EST
At Ninth Wave, we value the trust placed in our platform by financial institutions and businesses globally. Our platform is built to facilitate compliant, verifiable and trusted transactions between banks and their customers. Information Security at Ninth Wave is a strategic and cross-functional initiative. This is reflected in our compliance with widely accepted security standards and regulations, enterprise class security features, and our commitment to transparency.
Ninth Wave is now SOC 2 Type I certified. SOC 2 is an independent third-party examination that demonstrates how Ninth Wave achieves key compliance controls and objectives in order to meet the trust principles for Security, Availability, and Confidentiality. This provides confidence and peace of mind to our customers that Ninth Wave has established best practices in order to support their security and operations.
- Ninth Wave is built on tier-1 cloud infrastructure providers, with industry-leading compliance and security practices.
- Ninth Wave runs a vulnerability management program, enabling continuous vulnerability detection. We have an internal incident response procedure that is activated in case of a DDoS attack to begin specific mitigations such as country blocking and pattern blocking.
- Ninth Wave security features include OAuth, MFA, Mutual TLS, and security incident handling. NextGen virus and malware scanning is deployed across all endpoints.
- Ninth Wave APIs are fully authenticated and secured over HTTPS.
- Ninth Wave uses third-party penetration testing to probe our APIs and applications for vulnerabilities. The Ninth Wave security team tracks both known and unreleased vulnerabilities and regularly patches the system to address these.
- Ninth Wave facilitates geographic isolation with regional redundant data centers and backups within our tier-1 cloud providers.
- Ninth Wave uses NextGen firewalls to protect against known and unknown threats, including all OWASP top 10 and zero-day threats.
- Ninth Wave uses security compliance tools to monitor and manage policies, our firewall rules, and VPC flow logs to detect abnormal network traffic.
- Ninth Wave utilizes modern encryption protocols and keeps up-to-date. Strong encryption is used for data in transit as well as at rest, across our systems. For data in transit, TLS is enforced. For data at rest, industry-standard AES-256 encryption is used.
- Ninth Wave does not store, re-use, re-purpose or sell any customer data.
- Ninth Wave’s information security policies comply with the European Union General Data Protection Regulation (GDPR) EU 2106/679.