At Nextworld, we understand that you, our customers and partners, must have faith that our services will operate as promised. In order to stay true to those promises, we have implemented security and compliance programs to ensure the Nextworld products meet regulatory requirements and industry standards to protect your investment with us.
Nextworld recognizes that choosing a cloud-based solution can be a difficult task. One of the ways we make it easier for you is by implementing controls based on industry standards and ensuring we meet regulatory requirements. Nextworld is using the National Institute of Standards and Technology (NIST) Cybersecurity Framework and associated standards as a basis for our internal compliance program and then evaluating that program against the Trust Service Criteria with the Service Organization Controls (SOC) 2 examinations. Our approach to compliance is to provide transparency into how we are ensuring the confidentiality, integrity, and availability of your information and assisting you in meeting your compliance objectives.
We have certified our internal controls with the Service Organization Controls (SOC) reports in order to provide further confidence in the Nextworld services. In 2020, a third-party auditor completed the examination of Nextworld controls and issued the SOC 1 Report and SOC 2 Report relevant to Security, Availability, and Confidentiality for Nextworld. Each year, the third-party auditor conducts another examination and reissues the subsequent reports. If you have questions concerning our SOC reports, please contact you service provider or the Nextworld Compliance Team at [email protected]
In addition to certifications and standards, Nextworld is responsible for ensuring we are compliant with local, federal, and international laws, regulations, and statutes of the jurisdictions that we and our customers operate in. Nextworld continuously monitors global legal actions to identify and address regulatory requirements that impact our services to you.
Data protection is critical in today’s business environment. Whether it is personal information about your employees, customers, or partners, or sensitive data about your business, we recognize and appreciate the trust you put in Nextworld’s care for your data. As your data processor, we are committed to adhering to the various data protection laws around the globe and assisting you with protecting the rights of your data subjects. To find out more about our privacy measures, please view Nextworld’s Privacy Policy.
Nextworld’s security model allows you to adhere to the principle of least privilege, and limit who has access to personal and sensitive data. In addition to restricting access to applications, you can provide access to applications while restricting access to specific data in the application and restricting actions the user can take on the data.
Nextworld also provides you with data inventory capabilities that assist you in complying with regulatory requirements to maintain records of processing activities, conduct risk assessments, and fulfill data subject requests. With the Data Privacy Inventory application, you can classify data inside of Nextworld, define owners, and document data processing activities.
Nextworld’s Security Program takes a proactive approach to address risks that impact our customers. The program’s aim is to ensure the confidentiality and security of your information and enhance your ability to meet your security objectives. Our program has two main aspects. The first is the establishment of governance and controls focused on protecting the Nextworld services and the data processed by these services. The second aspect is to provide you with security capabilities in the software that assist you in implementing your own controls.
Nextworld takes a risked based approach to security
Nextworld takes a risked based approach to security, continuously evaluating the most common information security threats, monitoring vulnerabilities to our systems, and taking the appropriate actions to address the risks posed to you.
Nextworld follows the principle of least privilege
Nextworld follows the principle of least privilege with defined access policies and procedures that enforce role-based access permissions, on/off-boarding processes, password policies, and multi-factor authentication.
Nextworld has put in place a shared responsibilities model
Nextworld has put in place a
shared responsibilities model to
explain what security controls
Nextworld provides you and what
you retain control over. To
understand how the model works,
visit our Shared Responsibility
Model page.
Nextworld ensures availability of your data
Nextworld ensures availability of your data with real-time database replications, daily backups both of which are stored in separate locations from the production instances. We also maintain data retention policies and schedules to only retain information for the purpose we originally collected it.
Nextworld leverages world class infrastructure
Nextworld leverages world-class infrastructure services to monitor and control network traffic, restrict unauthorized access, ensure system availability, and encrypt data at rest and in transit.
Should a security incident occur, Nextworld has established plans to contain the damage
Should a security incident occur, Nextworld has established plans to contain the damage, eradicate exploitations, recover data and services, and communicate with stakeholders and authorities to reestablish normal operations and prevent future incidents.
Change management processes utilize an agile development methodology
Nextworld’s change management processes utilize an agile development methodology to deliver timely quality patches and upgrades to the services we provide you.
All employees and contractors must complete regular security training activities
To ensure Nextworld staff is knowledgeable of the latest security and privacy threats and best practices, all employees and contractors must complete regular security training activities. Staff receives continuous communications on threats and tips for protecting themselves and Nextworld.
Nextworld takes a risked based approach to security
Nextworld follows the principle of least privilege
Nextworld has put in place a shared responsibilities model
Nextworld ensures availability of your data
Nextworld takes a risked based approach to security, continuously evaluating the most common information security threats, monitoring vulnerabilities to our systems, and taking the appropriate actions to address the risks posed to you.
Nextworld follows the principle of least privilege with defined access policies and procedures that enforce role-based access permissions, on/off-boarding processes, password policies, and multi-factor authentication.
Nextworld has put in place a
shared responsibilities model to
explain what security controls
Nextworld provides you and what
you retain control over. To
understand how the model works,
visit our Shared Responsibility
Model page.
Nextworld ensures availability of your data with real-time database replications, daily backups both of which are stored in separate locations from the production instances. We also maintain data retention policies and schedules to only retain information for the purpose we originally collected it.
Nextworld leverages world-class infrastructure services to monitor and control network traffic, restrict unauthorized access, ensure system availability, and encrypt data at rest and in transit.
Should a security incident occur, Nextworld has established plans to contain the damage, eradicate exploitations, recover data and services, and communicate with stakeholders and authorities to reestablish normal operations and prevent future incidents.
Nextworld’s change management processes utilize an agile development methodology to deliver timely quality patches and upgrades to the services we provide you.
To ensure Nextworld staff is knowledgeable of the latest security and privacy threats and best practices, all employees and contractors must complete regular security training activities. Staff receives continuous communications on threats and tips for protecting themselves and Nextworld.
Nextworld leverages world class infrastructure
Should a security incident occur, Nextworld has established plans to contain the damage
Change management processes utilize an agile development methodology
All employees and contractors must complete regular security training activities
Senior Director of Compliance and Security, CISSP, CCSP
Micah has been in the enterprise software industry for over 20 years. He has served in various roles over the years including software engineer, product manager, program manager, solution architect, and implementation specialist. He is also a 14-year veteran of the U.S. Army, where he served as an officer in military operations and intelligence. Micah has a passion for helping people and tackling complex problems with simple and innovative solutions.
