Bank Grade Security
Two Factor Authentication (TFA)
Single Sign On (SSO)
Automatic Account Lockout
Encryption in Transit & at Rest
Secure Data Centres
Navima has certification for compliance with ISO 9001:2015 and ISO 27001:2017. These certifications are performed by UKAS accredited independent third-party auditors the British Assessment Bureau (the only UK government-backed body for ISO certification in the United Kingdom). Our compliance with these internationally recognised standards and code of practice is evidence of our commitment to information security at every level of our organisation and that the Navima security program is in accordance with industry leading best practices.
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how Navima perpetually manages security in a holistic, comprehensive manner. This widely recognised international security standard specifies that Navima does the following:
- We systematically evaluate our information security risks, considering the impact of threats and vulnerabilities.
- We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
ISO 9001 relates to a set of standards that helps organisations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9001 is a standard that sets out the requirements for a quality management system. It helps businesses and organisations to be more efficient and improve customer satisfaction.
A quality management system is a way of defining how an organisation can meet the requirements of its customers and other stakeholders affected by its work. ISO 9001 is based on the idea of continual improvement.
Cyber Essentials Plus Certified
Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.
Navima's achievement of the Cyber Essentials Plus certification demonstrates our commitment to mitigate the risk from common Internet-based threats, within the context of the UK Government's 10 Steps to Cyber Security. It is backed by industry, including the Federation of Small Businesses, the Confederation of British Industry and a number of insurance organisations that offer incentives for businesses holding this certification.
Cyber Essentials sets out the necessary technical controls; the related assurance framework shows how the independent assurance process works for Cyber Essentials Plus certification through an annual external assessment conducted by an accredited assessor.
At Navima we have implemented the following measures in respect of GDPR:
Transparent Information Uses
Navima provides customers with full control of their content, including access controls that allow administrators to grant or revoke access through the platform’s settings and permissions.
Visibility into Data Processing
Customers can access a copy of their data and know where it’s being processed. Customers can exercise these rights with audit logs and easy download of information.
The right to be Forgotten
Individuals have the right to ask to delete their personal data – customer will be in full control of their content including deletion, permanent deletion and retrieval of data.
Data Portability and Data Management Tools
Organisations may access, import and export their Data using import/export tools.
Data residency allows customers to choose the region where their data is hosted (UK – London) as standard with a choice of other locations possible (contact us).