Last edited by Divya Mishra on 11th February, 2024
You'll find here Nexthink's corporate Information Security Policies, Procedures and Certificates. The full list can be found here: https://nexthink.sharepoint.com/sites/security/Corporate/
ISO 270xx certificates
You will find the ISO 27001:2013, 27017:2015, 27018:2019 and 27701:2019 here: https://nexthink.sharepoint.com/sites/security/Corporate/
Policies
Our policies describe the what - our procedures, the how.
| Policy | Purpose |
|---|---|
| Information Security Policy | Define the security strategy and security requirements applicable to all Nexthink employees and systems. The aim of this document is to explain all the different measures that Nexthink has in place to ensure its own business continuity and recovery in case of a disaster. |
|  | Defines what constitutes an acceptable use of Nexthink's IT resources. |
|  | Defines what constitutes an acceptable use of publicly available AI resources. |
|  | Guidelines for the responsible, secure, and lawful use of AI technologies across Nexthink. |
|  | This document describes the classification schemes and levels. |
|  | This document describes the retention applied to the different information managed by Nexthink. |
|  | Define how Nexthink identifies and remediates vulnerabilities in its IT infrastructure, product, and Cloud offering. |
|  | Define security governance roles and responsibilities at Nexthink. |
|  | Define the handling of security incidents at Nexthink. |
| Business Continuity and Disaster Recovery Plan | The aim of this document is to explain all the different measures that Nexthink has in place to ensure its own business continuity and recovery in case of a disaster. |
|  | Define a set of rules designed to enhance computer security and employ strong passwords following security best practices. |
|  | The purpose of this document is to define logical access control requirements at Nexthink. |
|  | This policy describes the physical security controls applied in our offices but also in the data centers. |
|  | Defines the ground rules on how to manage and operate a "Closed-circuit television" system. |
| Cryptography Policy | This policy describes the standards and operational procedures used to produce, update and discard keys. |
| Third Party Management Policy | This policy describes the process to manage third parties including consultants. |
Procedures
Our policies describe the what - our procedures, the how.
| Procedure | Purpose |
|---|---|
|  | Describe how documentation is managed. |
|  | Describes how security incidents should be reported by Nexthink employees. |
|  | Describes how the Security Team identifies and responds to security incidents. |
|  | Describes how Nexthink employees should identify and report a suspected or proven personal data breach. Defines communication and escalation flows for internal and external notifications. |
|  | Describes how the Security Team assesses the security posture of third-party providers. |
|  | Describes the methodology to perform and track risk assessments. |
Guidelines
| Guideline | Purpose |
|---|---|
|  | A comprehensive guide to data classification. |
ENS
Technical Safety Instructions (TSI) & STIC Series 800 Guides and Abstracts can be found here - https://ens.ccn.cni.es/es/normativa