Security policy

Dedicated Security Team

Our Information Security Team operates around the clock, vigilantly monitoring third-party libraries and integrations for security notifications. Their priority is to swiftly implement security patches and champion the principles of a Secure Development Lifecycle across all code and infrastructure.

Robust Infrastructure

Hosted on Amazon Web Services (AWS), Nice Reply benefits from its comprehensive, end-to-end privacy and security features. We strive for 99.99% uptime, supported by advanced monitoring tools that promptly report any service-impacting anomalies.

Data Resiliency

In the rare instance of data loss or corruption, our robust backup systems can restore operations with no more than five minutes of data loss, ensuring continuous data availability.

Secure Data Storage

All customer data is securely housed within AWS-controlled data centers in the USA. We enforce stringent application security layers to prevent any unauthorized access, ensuring the privacy and integrity of tenant data.

Secure Application Delivery

We employ both automated and manual security analyses and conduct regular reviews of third-party libraries. Our commitment is to deliver products that are not only secure but also adhere to GDPR and CCPA compliance. Communications through Nicereply are encrypted using at least TLS v1.2 to prevent unauthorized interception.

Enhanced Security Features

We take data protection seriously:

  1. Full-disk encryption for all at-rest customer data on AWS.
  2. SSL/TLS encryption safeguards all data in transit.
  3. Logical separation at the data tier ensures distinct storage for company-specific and tenant-specific data, reinforced by application-level access controls.
Authentication Protocols

We utilize Amazon Cognito for robust user authentication.

Engineering Excellence and Operational Integrity

We adhere to immutable infrastructure principles, avoiding live code changes or modifications to running servers. All updates undergo formal review, automated testing, and deployment procedures. Our Information Security Team is adept at incident response, acting swiftly according to established protocols to handle any security or availability issues.

Stringent Access Controls

Access to personal data is strictly governed by the principle of least privilege. We maintain rigorous administrative controls to manage permissions effectively.

Information Security Commitment

Our comprehensive information security policies, risk assessment protocols, and business continuity plans are reviewed regularly to ensure they meet evolving threats and standards.

Employee Security Awareness

From onboarding to offboarding, our employees are thoroughly educated in cybersecurity best practices and the responsible handling of sensitive data.

Proactive Application Security

A Secure Software Development Lifecycle is at the core of our development process, ensuring that security is not an afterthought but a parallel track alongside feature development. Regular vulnerability scans, coupled with manual and automated tests, solidify our security posture before any code deployment.

Transparent and Efficient Change Management

Our change management procedures ensure full transparency and control over all alterations, with an environment mirroring production for the highest fidelity testing.

Rigorous Data Security

We handle standard PII with the utmost care, granting access only to select employees or with explicit customer approval. All third-party services integrated into our stack comply with at least ISO 27001 and/or SOC2 Type II standards, reflecting our GDPR and CCPA compliance.

Identity Management

Access to systems is tightly controlled through role-based permissions ensuring the least privilege principle and regular access reviews, ensuring employees can only reach data necessary for their job functions.

Chat bubble

How can you contact us?

Don't hesitate, we're here to help.