Our Information Security Team operates around the clock, vigilantly monitoring third-party libraries and integrations for security notifications. Their priority is to swiftly implement security patches and champion the principles of a Secure Development Lifecycle across all code and infrastructure.
Nicereply is hosted on Amazon Web Services (AWS) and benefits from AWS's comprehensive, end-to-end privacy and security features. We strive for 99.99% uptime, supported by advanced monitoring tools that promptly report any service-impacting anomalies.
In the rare instance of data loss or corruption, our robust backup systems can restore operations with no more than five minutes of data loss, ensuring continuous data availability.
All customer data is securely housed within AWS-controlled data centers in the USA. We enforce stringent application security layers to prevent any unauthorized access, ensuring the privacy and integrity of tenant data.
We employ both automated and manual security analyses and conduct regular reviews of third-party libraries. Our commitment is to deliver products that are not only secure but also adhere to GDPR and CCPA compliance. Communications through Nicereply are encrypted using at least TLS v1.2 to prevent unauthorized interception.
We take data protection seriously:
- Full-disk encryption for all at-rest customer data on AWS.
- SSL/TLS encryption safeguards all data in transit.
- Logical separation at the data tier ensures distinct storage for company-specific and tenant-specific data, reinforced by application-level access controls.
We utilize Amazon Cognito for robust user authentication.
We adhere to immutable infrastructure principles, avoiding live code changes or modifications to running servers. All updates undergo formal review, automated testing, and deployment procedures. Our Information Security Team is adept at incident response, acting swiftly according to established protocols to handle any security or availability issues.
Access to personal data is strictly governed by the principle of least privilege. We maintain rigorous administrative controls to manage permissions effectively.
Our comprehensive information security policies, risk assessment protocols, and business continuity plans are reviewed regularly to ensure they meet evolving threats and standards.
From onboarding to offboarding, our employees are thoroughly educated in cybersecurity best practices and the responsible handling of sensitive data.
A Secure Software Development Lifecycle is at the core of our development process, ensuring that security is not an afterthought but a parallel track alongside feature development. Regular vulnerability scans, coupled with manual and automated tests, solidify our security posture before any code deployment.
Our change management procedures ensure full transparency and control over all alterations, with an environment mirroring production for the highest fidelity testing.
We handle standard PII with the utmost care, granting access only to select employees or with explicit customer approval. All third-party services integrated into our stack comply with at least ISO 27001 and/or SOC 2 Type II standards, reflecting our GDPR and CCPA compliance.
Access to systems is tightly controlled through role-based permissions that enforce the principle of least privilege, together with regular access reviews, so employees can only reach data necessary for their job functions.