Security Practices

The following operational practices are observed and followed by the NuovoPay DevOps and SysAdmin team to manage our cloud infrastructure:

  • Only designated DevOps and System Administrators have access to production servers. No other employees have access to production systems.
  • Each SSH login incident is logged and reported in the management console in real-time.
  • SSH login is secured with public/private key which is an industry standard.
  • Some critical systems are protected using 2FA (2 Factor Authentication).
  • Firewall policies block all ports but 80 (HTTP) and 443(HTTPS), also there is restriction about incoming and outgoing traffic. All access is logged and monitored.
  • We routinely apply OS Security patches as and when they are available (in some cases it may require some downtime)
  • TLS is enforced in all communication across data centers.

Certifications

NuovoPay parent company ProMobi Technologies has completed following certifications:

  • ISO 27001:2013
  • SOC Type II