Security
Security at NodesPay
At NodesPay, security is a fundamental aspect of our operations. Our team takes security extremely seriously and follows Secure Development practices while building NodesPay applications. We prioritize secure settings when configuring cloud environments to ensure the safety of our customers’ data. We conduct regular risk assessments of our environment to maintain the confidentiality, integrity, and availability of our services. As evidence of our commitment to security, NodesPay Tekh Holds ISO 27001 certification, and we invest significantly to ensure our services remain secure. By choosing NodesPay, you can trust that your security needs are a top priority.
Third-Party Infrastructure
The infrastructure used by NodesPay to host the NodesPay services is provided by world-class third-party provider, Amazon Web Services (AWS). The physical architectures hosted by these providers are located in the United States, Europe, and Asia with multiple Availability Zones in each Region. NodesPay leverages AWS data centers’ in Singapore. The AWS infrastructures put strong safeguards in place to protect customer data in highly-secure data centers. AWS cloud services are compliant with SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27107, ISO 27018, PCI DSS (plus many additional international regulations and controls) and complete multiple independent security audits annually. Information about security and privacy-related audits and certifications is available from AWS. All our service providers are equipped with ISO27001 as a base. Additional accreditations inclusive of ISO 9001, ISO 27017/27018, and SOC-2.
Application Security
NodesPay leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others. Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments. The source code repositories are scanned for security issues via our integrated static analysis tooling. In addition to our extensive internal scanning and testing program, NodesPay employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
Infrastructure Monitoring and Internal Protocols
The system status page for NodesPay Tekh is accessible to the general public. By leveraging Site24x7 the infrastructure is monitored continuously to ensure high availability, and to respond to any issues that affects our service. NodesPay Tekh has created an extensive set of security policies that address various issues. All staff members are informed of and given access to these guidelines. We continuously educate staff members about best security practices, such as how to spot hackers, phishing scams, and social engineering techniques. Our IT ecosystem is equipped with products from world class SaaS provider Zoho, who are compliant with ISO 27001, SOC 1, SOC 2, GDPR, and many more.
NodesPay believes that continuous improvement in security is vital. Thus, NodesPay has a dedicated Vulnerability Disclosure Program that encourages security researchers to report any potential security vulnerabilities they discover. To know more about the program, kindly email to [email protected].