Compliance and certifications
How nBold hosts services and data
We host in world-class facilities.
The vast majority of the nBold Platform's services and data are hosted on the Microsoft Azure platform, the cloud provider with the most security and privacy certifications, which therefore complies at the infrastructure level with the most rigorous security and compliance standards.
In particular, Microsoft Azure meets a broad set of international and industry-specific compliance standards, such as:
- General Data Protection Regulation (GDPR)
- ISO 27001
- HIPAA
- FedRAMP
- SOC 1 and SOC 2
As well as country-specific standards, including:
- Australia IRAP
- UK G-Cloud
- Singapore MTCS
See Microsoft Azure Trusted Cloud for more information.
Certifications
Microsoft 365 App Certification
The Microsoft 365 App Certification acknowledges that an app provides the highest level of data protection, security and privacy. In other words, if you use a Microsoft 365 certified app, you can be confident that your internal data and sensitive information are under control and protected.
The certification criteria comprise four main domains.
Application Security Domain
The Application Security domain notably includes Microsoft Graph API permission validation and application security testing.
Microsoft Graph API permission validation checks that the app doesn't request overly broad permissions, and that each requested permission is properly justified.
The independent application security testing must be carried out by a reputable independent cybersecurity company. We are now working with the French cybersecurity and auditing company Synetis. With the help of Synetis, we conducted an initial penetration test and security audit. In addition, we contracted with them to perform similar testing quarterly.
Operational Security Domain
As a next step, the application must prove that its infrastructure and deployment processes are aligned with industry security best practices, for instance:
- Malware Protection
- Patching
- Firewalls
- Secure Software Development
- Risk Management
Data Handling Security and Privacy Domain
The Data Handling Security and Privacy section covers the following:
- Data security at rest and in transit
- GDPR compliance
- Data Access Management
- Access Control
Optional External Compliance Framework Domain
Additionally, the certification analysts may verify the validity of the following security compliance frameworks:
- ISMS – ISO/IEC 27001 specification
- PCI DSS
- SOC 2