Data traffic to our servers is controlled 24/7 from a central control room. Within 30 minutes, Nmbrs will respond to unauthorized attempts to access to the web service, irregular traffic or other attempts to subvert Nmbrs. The Nmbrs infrastructure is protected by a Firewall managed by hosting partners that continuously identify potential threats. Each server that is accessible from the Internet (web-servers) is also protected by an extra Operating System Firewall.
The client/Server communication is done with HTTPS, which guarantees data integrity and prevents data tampering. The Nmbrs certificate uses a 2048 bit encryption. The HTTPS transport layers uses a standard TLS without fallback to SSLv2/SSlv3, which are disabled because of security reasons. Internet users are able to recognize the SSL-secured status by the lock icon before the website URL, and Extended Validation SSL-secured websites by the green address bar.
Nmbrs offers a range of policies for password requirements, including options for periodical password resets and pin codes. Furthermore, Two-factor authentication provides an optional second authentication level. Nmbrs does not store user's passwords itself in the database, but instead, a salted hash of the password. This prevents password stealing even with database access.
Every user has a whitelist with approved IP addresses to access the system. When users access the system from a new IP address an email is sent to verify the new IP. It is also possible to restrict access to Nmbrs to a list of IP’s or IP ranges. This measure helps to to prevent third parties from entering Nmbrs accounts from alien locations and devices.
We rely on external parties to verify our operational excellence, procedures and methodologies. Nmbrs maintains a set of compliance certifications that provide independent verification of our quality.
Nmbrs has produced an ISAE 3402 report. One of the purposes of this ISAE 3402 Type II report is to provide Nmbrs customer with information to obtain an understanding of the design and implementation of controls implemented by Nmbrs, which are relevant to the control of the user organisation’s internal processes for the purpose of the audit of their financial statements.
A number of legal documents is important to both us at Nmbrs, as well as our customers, our prospects, and users of our application. To make it easy to find the information you’re looking for, we’ve assembled them here under one roof, provided with a quick rundown of the individual regulations.
A processor agreement concerns an agreement about confidentiality, security, privacy, data elimination and other obligations. If you are a (new) customers looking for our standard processor agreement, we have included this in our general terms and conditions. When you subscribe for a Free Trial and again when you give the order confirmation you agree to these conditions.
To be an online software means that online crime is a risk of our service. Cyber criminals may attempt to obtain sensitive information by accessing individual accounts or using our name and image. We believe that the most forceful weapon against this form of crime is shared knowledge. Therefore, we aim to provide all our users and partners with clear knowledge and instructions on how to deal with possible attempts to online crime.