Security Practices
The following operational practices are observed and followed by the NuovoPay DevOps and SysAdmin team to manage our cloud infrastructure:
- Only designated DevOps and System Administrators have access to production servers. No other employees have access to production systems.
- Each SSH login incident is logged and reported in the management console in real-time.
- SSH login is secured with public/private key which is an industry standard.
- Some critical systems are protected using 2FA (2 Factor Authentication).
- Firewall policies block all ports but 80 (HTTP) and 443(HTTPS), also there is restriction about incoming and outgoing traffic. All access is logged and monitored.
- We routinely apply OS Security patches as and when they are available (in some cases it may require some downtime)
- TLS is enforced in all communication across data centers.
Certifications
NuovoPay parent company ProMobi Technologies has completed following certifications:
- ISO 27001:2013
- SOC Type II