Skip to main content

Compliance and certifications

How nBold hosts services and data

We host in world class facilities.
The vast majority of our services and data of the nBold Platform are hosted in the Microsoft Azure platform, the cloud provider with the most security and privacy certifications, and thereby complies at the infrastructure level with the most rigorous security and compliance standards.

Especially, Microsoft Azure meets a broad set of international and industry-specific compliance standards, such as: General Data Protection Regulation (GDPR)

  • ISO 27001
  • HIPAA
  • FedRAMP
  • SOC 1 and SOC 2

As well as country-specific standards, including:

  • Australia IRAP
  • UK G-Cloud
  • Singapore MTCS

See Microsoft Azure Trusted Cloud for more information.

Certifications

Microsoft 365 App Certification

The Microsoft 365 App Certification acknowledges that an app provides the highest level of data protection, security and privacy. In other words, if you use a Microsoft 365 certified app, you can be confident that your internal data and sensitive information are under control and protected.
This certification criteria is comprised of four main domains.

Application Security Domain

The Application Security domain especially includes Microsoft Graph API Permission validation and Application Security Testing.

Microsoft Graph API Permission validates that the app doesn’t request overly broad permissions, and that each of them are properly justified.

The independent application security testing must be carried out by a reputable independent cybersecurity company. We’re now working with the French Cybersecurity and Auditing company Synetis. With the help of Synetis, we conducted an initial penetration test and security audit. In addition, we contracted with them to perform similar testing quarterly.

Operational Security Domain

As a next step, the application must prove its infrastructure and deployment processes are aligned with security best practices from the industry. For instance:

  • Malware Protection
  • Patching
  • Firewalls
  • Secure Software Development
  • Risk Management

Data Handling Security and Privacy Domain

The Data Handling Security and Privacy section covers the following:

  • Data security at rest and in transit
  • GDPR compliance
  • Data Access Management
  • Access Control

Optional External Compliance Framework Domain

Also, the certification analysts may check the validity of those security compliance frameworks:

  • ISMS/ IEC – IS0/IEC 27001 specification
  • PCI DSS
  • SOC 2