SECURITY AT NURALOGIX

At Nuralogix, ensuring customer data is safe is a top priority. We have a dedicated information security program in place that is aligned with regulatory and legal requirements to protect the confidentiality and integrity of all customers data. 

Our security program encompasses organizational and technical security controls that protect against unauthorized access, theft, and use of customer data. We are constantly updating the NuraLogix security strategy as the security landscape evolves.

Organizational Security

Privacy  

    Technical Security

    Regulatory Compliance

     

     

     

    Enterprise-Grade Security

    At NuraLogix, we take compliance seriously. As a result, we have demonstrated compliance with multiple leading data protection and privacy policies including AICPA SOC2, PIPEDA, HIPAA and EU GDPR. We have several frameworks and internal policies in place that are based on these compliance policies. These include: 

    • Secure Software Development Cycle

    • Application Security Testing

    • Security By Design

    • Access Controls

    • Network Segmentation

    • Data Encryption

    •  System Hardening

    • Logging and Monitoring

    • Business Continuity & Disaster Recovery 

    • Compliance

    Download Whitepaper

    Report a Data Security Problem

    Have a data protection issue to report? Let us know below.

     

    Report a Problem
    GET IN TOUCH

    Quick Links

    Technology

    Research

    DeepAffex®

    Anura®

    DFX Live™

    News

    Company

    Privacy Policy

    Terms of Use

    Cookie Policy

    Security & Compliance

    • Twitter
    • Facebook
    • Linkedin
    • Youtube

    Corporate Headquarters

    NuraLogix Corporation

    250 University Avenue, Suite 209

    Toronto, ON, Canada M5H 3E5

    Email: info@nuralogix.ai

    Phone: +1 (416) 368-6000

    In the United States, this product is for Investigational Use Only. The performance characteristics of this product have not been established.

    © Copyright NuraLogix Corporation

    Regional Offices

    North America
    sales-na@nuralogix.ai

    Latin America and EMEA (Europe, Middle East and Africa)
    sales-emea@nuralogix.ai

    APAC (Asia-Pacific)
    sales-apac@nuralogix.ai

    China (Mainland)
    sales-china@nuralogix.ai

    Organizational Security

     

    • All employees receive continuous security, privacy, and compliance training at Nuralogix.

    • NuraLogix maintains a risk-based assessment security program to identify and remediate threats.

    • Security policies and standards are reviewed at least annually by senior management and made available to employees for reference.

    • Third-party security due diligence is performed on all service providers.

    • Business continuity plan reviewed and tested at least annually.

    • Independent third-Party audit using SSAE 18 SOC 2 standards.

    Privacy

    • Nuralogix has developed a privacy program to meet the continuously evolving data protection requirements and regulations. We monitor and align our privacy strategy to ensure that privacy requirements made to our customers and partners are met.

    • Nuralogix maintains continuous employee security and privacy awareness training, to maintain and understand the importance of the company privacy program.

    • Additionally, we adopt and integrate the principles of Privacy by Design from the initial phase through to the release of our solution.

    • Nuralogix complies with the GDPR, PIPEDA and HIPAA regulations.

    Please send privacy-related enquiries to privacy@nuralogix.ai 

    Technical Security

     

    • Encryption: We use Transport Layer Security (at least TLS 1.2) encryption for all customer data transfers, and AES algorithm with a key size of 256 bits to encrypt all data at rest.

     

    • Vulnerability Management: Nuralogix maintains a third-party tool for the conduct of vulnerability scans to identify, access and remediate vulnerabilities.

     

    • Penetration Testing: We engage reputable independent third-party organizations to conduct penetration tests and detect vulnerabilities which are triaged and remediated according to their criticality.

     

    • Role-based Access control: Access is authorized based on role and responsibilities. Access is reviewed at least bi-annually. Upon termination, employee access is promptly removed.

     

    • Next-Generation Firewall:  Nuralogix have deployed NGFW for application and network-level security to safeguard its DeepAffex information assets. This provides multi-layered protection for breach prevention with advanced capability for role-based access control and intrusion prevention.

     

    • Logging and Monitoring: We continuously log and monitor the platform to detect suspicious event that provides alerts, which are handled in line with best practices to eliminate threats. Potential threats are discovered before they lead to a security breach.
    AICPA SOC 2

     

    We are audited by independent auditors to ensure compliance with AICPA SOC 2 Type II controls to ensure the confidentiality, security and protection of customer data.

     

    We are compliant with Canadian PIPEDA law and ensure adequate consent is taken for data collection. We also have formal controls and best practices in place to ensure the security of customer data.

    We are HIPAA compliant which ensures we safeguard our customer health data. All personal health information is processed within the security and privacy guidelines specified under HIPAA.

    WWe are GDPR compliant which means we have controls in place to ensure transparency in the data collection process. Adequate measures have been implemented in alignment with EU GDPR guidelines and policies to ensure the security and privacy of all customer data.