| CARVIEW |
At Nextworld, we understand that you, our customers and partners, must have faith that our services will operate as promised. In order to stay true to those promises, we have implemented security and compliance programs to ensure the Nextworld products meet regulatory requirements and industry standards to protect your investment with us.
Nextworld recognizes that choosing a cloud-based solution can be a difficult task. One of the ways we make it easier for you is by implementing controls based on industry standards and ensuring we meet regulatory requirements. Nextworld is using the Trust Service Criteria with the Service Organization Controls and other standards as a basis for our internal security and compliance program and then evaluating that program with the Service Organization Controls (SOC) 2 examinations. Our approach to compliance is to provide transparency into how we are ensuring the confidentiality, integrity, and availability of your information and assisting you in meeting your compliance objectives. We encourage you to visit the Nextworld Trust Center to explore the details of our security and compliance program.
We have certified our internal controls with the Service Organization Controls (SOC) reports in order to provide further confidence in the Nextworld services. In 2020, a third-party auditor completed the examination of Nextworld controls and issued the SOC 1 Report and SOC 2 Report relevant to Security, Availability, and Confidentiality for Nextworld. Each year, the third-party auditor conducts another examination and reissues the subsequent reports. If you have questions concerning our SOC reports, please contact you service provider or the Nextworld Compliance Team at [email protected]
In addition to certifications and standards, Nextworld is responsible for ensuring we are compliant with local, federal, and international laws, regulations, and statutes of the jurisdictions that we and our customers operate in. Nextworld continuously monitors global legal actions to identify and address regulatory requirements that impact our services to you.
- Sarbanes Oxley Act
- Gramm-Leach-Bliley Act
- EU Network and Information Systems Directive
- UK Network and Information Security Act
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act & California Privacy Rights Act
- Colorado Privacy Act
- Personal Information Protection and Electronics Document Act (PIPEDA)
- Australia Privacy Act
- New Zealand Privacy Act
- Office of Foreign Assets Controls
Data Privacy
Data protection is critical in today’s business environment. Whether it is personal information about your employees, customers, or partners, or sensitive data about your business, we recognize and appreciate the trust you put in Nextworld’s care for your data. As your data processor, we are committed to adhering to the various data protection laws around the globe and assisting you with protecting the rights of your data subjects. To find out more about our privacy measures, please view Nextworld’s Privacy Policy.
Nextworld’s security model allows you to adhere to the principle of least privilege, and limit who has access to personal and sensitive data. In addition to restricting access to applications, you can provide access to applications while restricting access to specific data in the application and restricting actions the user can take on the data.
Nextworld also provides you with data inventory capabilities that assist you in complying with regulatory requirements to maintain records of processing activities, conduct risk assessments, and fulfill data subject requests. With the Data Privacy Inventory application, you can classify data inside of Nextworld, define owners, and document data processing activities.
Security
Nextworld’s Security Program takes a proactive approach to address risks that impact our customers. The program’s aim is to ensure the confidentiality and security of your information and enhance your ability to meet your security objectives. Our program has two main aspects. The first is the establishment of governance and controls focused on protecting the Nextworld services and the data processed by these services. The second aspect is to provide you with security capabilities in the software that assist you in implementing your own controls.
Risk Management
Nextworld takes a risked based approach to security
Risk Management
Nextworld takes a risked based approach to security, continuously evaluating the most common information security threats, monitoring vulnerabilities to our systems, and taking the appropriate actions to address the risks posed to you.
Access Controls
Nextworld follows the principle of least privilege
Access Controls
Nextworld follows the principle of least privilege with defined access policies and procedures that enforce role-based access permissions, on/off-boarding processes, password policies, and multi-factor authentication.
Shared Responsibilities
Nextworld has put in place a shared responsibilities model
Shared Responsibilities
Nextworld has put in place a
shared responsibilities model to
explain what security controls
Nextworld provides you and what
you retain control over. To
understand how the model works,
visit our Shared Responsibility
Model page.
Data Backup and Retention
Nextworld ensures availability of your data
Data Backup and Retention
Nextworld ensures availability of your data with real-time database replications, daily backups both of which are stored in separate locations from the production instances. We also maintain data retention policies and schedules to only retain information for the purpose we originally collected it.
Infrastructure Security
Nextworld leverages world class infrastructure
Infrastructure Security
Nextworld leverages world-class infrastructure services to monitor and control network traffic, restrict unauthorized access, ensure system availability, and encrypt data at rest and in transit.
Incident Response
Should a security incident occur, Nextworld has established plans to contain the damage
Incident Response
Should a security incident occur, Nextworld has established plans to contain the damage, eradicate exploitations, recover data and services, and communicate with stakeholders and authorities to reestablish normal operations and prevent future incidents.
Change Management
Change management processes utilize an agile development methodology
Change Management
Nextworld’s change management processes utilize an agile development methodology to deliver timely quality patches and upgrades to the services we provide you.
Training & Awareness
All employees and contractors must complete regular security training activities
Training & Awareness
To ensure Nextworld staff is knowledgeable of the latest security and privacy threats and best practices, all employees and contractors must complete regular security training activities. Staff receives continuous communications on threats and tips for protecting themselves and Nextworld.
Risk Management
Nextworld takes a risked based approach to security
Access Controls
Nextworld follows the principle of least privilege
Shared Responsibilities
Nextworld has put in place a shared responsibilities model
Data Backup and Retention
Nextworld ensures availability of your data
Risk Management
Nextworld takes a risked based approach to security, continuously evaluating the most common information security threats, monitoring vulnerabilities to our systems, and taking the appropriate actions to address the risks posed to you.
Access Controls
Nextworld follows the principle of least privilege with defined access policies and procedures that enforce role-based access permissions, on/off-boarding processes, password policies, and multi-factor authentication.
Shared Responsibilities
Nextworld has put in place a
shared responsibilities model to
explain what security controls
Nextworld provides you and what
you retain control over. To
understand how the model works,
visit our Shared Responsibility
Model page.
Data Backup and Retention
Nextworld ensures availability of your data with real-time database replications, daily backups both of which are stored in separate locations from the production instances. We also maintain data retention policies and schedules to only retain information for the purpose we originally collected it.
Infrastructure Security
Nextworld leverages world-class infrastructure services to monitor and control network traffic, restrict unauthorized access, ensure system availability, and encrypt data at rest and in transit.
Incident Response
Should a security incident occur, Nextworld has established plans to contain the damage, eradicate exploitations, recover data and services, and communicate with stakeholders and authorities to reestablish normal operations and prevent future incidents.
Change Management
Nextworld’s change management processes utilize an agile development methodology to deliver timely quality patches and upgrades to the services we provide you.
Training & Awareness
To ensure Nextworld staff is knowledgeable of the latest security and privacy threats and best practices, all employees and contractors must complete regular security training activities. Staff receives continuous communications on threats and tips for protecting themselves and Nextworld.
Infrastructure Security
Nextworld leverages world class infrastructure
Incident Response
Should a security incident occur, Nextworld has established plans to contain the damage
Change Management
Change management processes utilize an agile development methodology
Training & Awareness
All employees and contractors must complete regular security training activities
Micah Hedrick
Senior Director of Information Technology and Security, CISSP, CCSP
Micah has been in the enterprise software industry for over 20 years. He has served in various roles over the years including software engineer, product manager, program manager, solution architect, and implementation specialist. He is also a 14-year veteran of the U.S. Army, where he served as an officer in military operations and intelligence. Micah has a passion for helping people and tackling complex problems with simple and innovative solutions.