Data Security

Effective as of April 6th, 2021.

This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement (“Agreement”) or through the use of the Nirovision Services. By using the Software, our Services, or our Website, or by signing an Agreement with Nirovision, you signify your acceptance of this policy.

If you do not agree to this policy, please do not use our Sites or Apps.

Keeping your workplace safe

There is a lot of legitimate concern about cyber-security, with many malicious actors seeking to extract money using nefarious online methods.

Whilst it might seem as if a server in your office with local PCs is secure, if your in-house network is connected to the Internet, it is incredibly vulnerable to attack, and ransomware is typically placed on on-premise servers. Trojans often get placed on PCs used for recreational purposes when we are least alert to danger.

Nirovision is dedicated to maintaining the security of client data in Nirovision, Nirovision itself, and of course all our internal systems that support our business.

Nirovision Data on the Nirovision Servers & Cloud Infrastructure

Nirovision is a hybrid edge-cloud solution.

The on-premise server is an AI inferencing machine that converts video streams into analytics data and then performs automation such as opening doors. To achieve this, the server needs to store facial fingerprints and external IDs, and have the NirovisionOS installed.

All client data, including thumbnails, results and metadata are stored and encrypted in disparate cloud systems, built on the Asia Pacific (Sydney) region of the AWS (Amazon Web Services) platform. Nirovision stores data solely in Australia.

Nirovision uses Auth0 to handle identity management. Auth0 is an industry-leading identity management platform.

AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.

AWS has achieved a substantial amount of certification and compliance in industry standards, which recognise best practices in Information Security. In 2019, the Australian Cyber Security Centre (ACSC) certified AWS for hosting Australian Government data classified up to the PROTECTED classification level.

Nirovision actively works to take advantage of AWS services, following Information Security best practices. We keep your Nirovision data safe by adhering to industry best practices. AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and Nirovision too has its own Information Security Team. We continually monitor our AWS environment, implementing updates and patches in line with best practices prescribed by AWS.

You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide (2018). For a full listing of AWS certification and compliance, visit aws.amazon.com/compliance. The terms of agreement between Nirovision & AWS can be found at aws.amazon.com/agreement.

Auth0 also has an extensive Cyber Security presence. You can find out more about Auth0 security, privacy and compliance practices in the Auth0 Security Guide. For a full listing of Auth0 certifications and compliance, visit auth0.com/docs/compliance. The terms of agreement between Nirovision & Auth0 can be found at auth0.com/web-terms.

Data Encryption

Each Nirovision application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.

Once client data reaches Nirovision’s cloud infrastructure, personally identifiable data is encrypted at rest using AES-256, military-grade encryption.

Security Controls

Nirovision utilises multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:

  • Local & Network Firewalls
  • Web Application Firewalls
  • Intrusion Detection Systems (IDS)
  • DDoS Throttling Services
  • Access Control Lists
  • Security Patch Management
  • Identity and Access Management
  • Centralised Log Management
  • Symmetric and Asymmetric Encryption systems
  • Two Factor Authentication
  • Separation of Duties
  • Vulnerability Assessment
  • Anomaly Detection
  • Remote Monitoring & Alerting
 

Nirovision understands security is of foremost importance to our customers. These are some security measures you can implement, alongside systems Nirovision has developed to strengthen security for your business.

Employee Vetting

All members of Nirovision’s workforce, including regular employees and independent contractors, are required to comply with internal security policies and standards designed to ensure compliance with law and with best security practices.

All Nirovision staff who have direct access to our cloud infrastructure must go through an extensive vetting process. This ensures only bona fide team members are selected to look after our core platform.

Secure Product Development

Nirovision has built a development process that requires minimal manual intervention, is constantly monitored, allows rapid response to issues, and encourages efficient software testing. The deployment of our products is done with common industry standard tools and follows best practices.

All components developed at Nirovision are peer-reviewed by the workforce to ensure security, performance, and adherence to the company’s principles and commitments.

Service Availability

Nirovision has been designed to be a highly available solution. Nirovision services are stored in AWS data centres within the Asia Pacific (Sydney) region.

System Monitoring

Nirovision is monitored 24 hours a day, 7 days a week, 365 days a year.

Backup Policy

Nirovision’s infrastructure services are backed up periodically, with different frequencies per service. Databases are backed up once a day. Backups are stored for seven (7) days.

Data Ownership

The data contained in Nirovision remains the property of the licensed subscriber. If the subscriber ends their agreement with Nirovision, Nirovision will destroy user-identifiable data, but some residual data may remain stored in our Cloud infrastructure for 60 days before it expires.

Found a Vulnerability?

At Nirovision, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know on security@nirovision.com.

We will address each issue in a timely fashion, and request that you provide us with a reasonable timeframe to address the issue before public disclosure. Do not publicly disclose the details of any potential security vulnerabilities without express written consent from us.

Report a Data Breach

If you believe Nirovision client information has become publicly available, outside of the Nirovision applications, please contact us immediately on security@nirovision.com for validation.

Nirovision has a duty of care for our clients’ data. If a data breach occurs, we must notify affected clients immediately, following guidelines established by the OAIC’s Notifiable Data Breaches scheme.

Questions?

This statement reflects the security policy of Nirovision and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within the Nirovision applications. Any questions should be directed to security@nirovision.com.