Bank Grade Security 

We protect M&A teams to the highest possible level with bank-grade security encrypted backups and additional security measures such as two-factor authentication, complex passwords and controlled user-based permissions.

Two Factor Authentication (TFA)

All users are required to use two methods of logging into their Navima account – (i) password and (ii) then via smartphone authenticator (Google, Microsoft, Duo Mobile, Authy).

Single Sign On (SSO)

Login to Navima with your LinkedIn or GSuite account or SAML Active Directory (e.g., Okta, OneLogin, Azure) for extra security and ease of use.

Complex Passwords

When users are setting up their account, they must (by default) use a combination of letters, numbers and special characters for their password. Minimum password lengths are enforced as standard.

User-based Permissions

Each user has set permissions, defined by the account administrator, enabling relevant viewing or editor rights.

Audit Trail

Track user activity and generate audit trail reports, including who has viewed, downloaded, created, updated and deleted content and logged in to their account.

Automatic Account Lockout

When a user tries to log in to their Navima account and has been unsuccessful after 6 password attempts, their account will be locked for 1 hour.

Encryption in Transit & at Rest

Navima uses end-to-end encryption, with 256-bit SSL in transit and AES encryption at rest — the same level of encryption used by banks.

Automatic Log-off

Log out automatically out each time you leave your portal.

Secure Data Centres

Navima uses UK-based (London) AWS (Amazon Web Services) S3 data centres, which are ISO27001, SAS70 & PCI certified. A choice of 8 AWS server locations plus geo-fencing (restrict platform logins to certain IP addresses) is possible at additional cost (contact us).


ISO Certified

Navima has certification for compliance with ISO 9001:2015 and ISO 27001:2017. These certifications are performed by UKAS accredited independent third-party auditors the British Assessment Bureau (the only UK government-backed body for ISO certification in the United Kingdom). Our compliance with these internationally recognised standards and code of practice is evidence of our commitment to information security at every level of our organisation and that the Navima security program is in accordance with industry leading best practices.


ISO 27001

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how Navima perpetually manages security in a holistic, comprehensive manner. This widely recognised international security standard specifies that Navima does the following:

  • We systematically evaluate our information security risks, considering the impact of threats and vulnerabilities.
  • We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
  • We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.

ISO 9001

ISO 9001 relates to a set of standards that helps organisations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9001 is a standard that sets out the requirements for a quality management system. It helps businesses and organisations to be more efficient and improve customer satisfaction.

A quality management system is a way of defining how an organisation can meet the requirements of its customers and other stakeholders affected by its work. ISO 9001 is based on the idea of continual improvement.


Cyber Essentials Plus Certified

Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.

Navima's achievement of the Cyber Essentials Plus certification demonstrates our commitment to mitigate the risk from common Internet-based threats, within the context of the UK Government's 10 Steps to Cyber Security. It is backed by industry, including the Federation of Small Businesses, the Confederation of British Industry and a number of insurance organisations that offer incentives for businesses holding this certification.

Cyber Essentials sets out the necessary technical controls; the related assurance framework shows how the independent assurance process works for Cyber Essentials Plus certification through an annual external assessment conducted by an accredited assessor.


GDPR Compliant

At Navima we have implemented the following measures in respect of GDPR:

Transparent Information Uses

Navima provides customers with full control of their content, including access controls that allow administrators to grant or revoke access through the platform’s settings and permissions.

Visibility into Data Processing

Customers can access a copy of their data and know where it’s being processed. Customers can exercise these rights with audit logs and easy download of information. 

The right to be Forgotten

Individuals have the right to ask to delete their personal data – customer will be in full control of their content including deletion, permanent deletion and retrieval of data.

Data Portability and Data Management Tools

Organisations may access, import and export their Data using import/export tools. 

Data Residency

Data residency allows customers to choose the region where their data is hosted (UK – London) as standard with a choice of other locations possible (contact us).


Contact us today to schedule a demo