Security Overview for AgilePoint NX OnDemand

AgilePoint understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success.

Services Covered

This document describes the architecture of, the security and privacy-related audits and certifications received for, and the administrative, technical and physical controls applicable to the services branded as AgilePoint NX OnDemand.

AgilePoint Infrastructure

The AgilePoint service is colocated in Amazon Web Services (AWS) data centers. Amazon Web Services Compliance keeps robust controls in place at AWS to maintain security and data protection. For details, see Amazon Web Services Security at http://aws.amazon.com/security/.

  • Access control and physical security
  • Environmental controls
  • Power
  • Network

Each instance of NXone (for example, devapp1 or prodapp1) contains many servers and other elements to make it run. Each instance of NXone has exact copies in different AWS zones and regions.

Third-Party Architecture

NXone.com uses a third-party tool to monitor its system uptime.

Data Security

  • Connections to the AgilePoint environment use TLS cryptographic protocols, ensuring that our users have a secure connection from their browsers to our service.

Network Protection

  • Perimeter firewalls block unused ingress and egress protocols.
  • Internal firewalls segregate traffic between the application and database tiers.
  • Customer databases are externally accessible by request, with access restricted by firewall to the provided public IP address.

User Authentication

Access to NXone.com requires authentication via one of the supported mechanisms, including user ID/password and OAuth2.

Disaster Recovery

  • AgilePoint performs data backups based on the customer-specified schedule and retention period.
  • Disaster recovery tests verify our projected recovery times and the integrity of the customer data.

Backups

  • All data are backed up to Amazon S3 storage.
  • The backups stored in S3 storage are geo-location-redundant.

Internal testing and assessments

AgilePoint tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities.

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review

Security Monitoring

Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.

Return of Customer Data

Within 30 days after contract termination, customers may request return of their respective Customer Data submitted to NXone.com. AgilePoint shall provide such Customer Data via a downloadable file in comma-separated value (.zip) format and attachments in their native format.

Deletion of Customer Data

After contract termination, Customer Data submitted to NXone.com is retained in inactive status within NXone.com for 90 days and a transition period of up to 30 days, after which it is securely overwritten or deleted. This process is subject to applicable legal requirements.

Without limiting the ability of customers to request return of their Customer Data submitted to AgilePoint, AgilePoint reserves the right to reduce the number of days it retains such data after contract termination. AgilePoint will update this AgilePoint Security, Privacy, and Architecture Documentation in the event of such a change.