Certifications

  • NowForce is ISO27001 and ISO 27799 certified.

Policy & Training

  • Developers are trained in Secure Web Development methodologies.

  • Development follows OWASP best practices for mobile and web development.

  • Annual privacy training.

  • Security and Privacy policies are in place.

Background Checks

  • ​NowForce personnel passed criminal background checks (relevant employees).

Access Control

  • Access to Dispatcher user interface can be limited to specific IP ranges per organization - optional configuration.

  • Single device login (preventing multiple logins from the same account) - optional configuration.

  • Unique IDs are assigned to each mobile device allowing the blocking/disabling of unauthorized users even if the application is already installed on their device.

  • Access to cloud infrastructure uses 2-factor authentication.

  • Access to NowForce API using OAuth2.

Passwords

  • All passwords stored in the database are hashed.

  • CJIS compliance elements include:

* Password renewal policy

* Password with a minimum length of 8 characters

* Strong Passwords enforcement

* Password expires after 90 days

* Force user to change password on first entry

* Prevent reuse of last 10 passwords

* Automatic lock of user after 5 failed attempts

Information Control

  • Passive / Active users – ability to control which type of users are sending location information at any given time.

  • Data retention – ability to define amount of time that the system will store information such as location and incident related details with option to export the data to local protected files.

  • Secure data upload – provision of secure link for uploading of images and files to the NowForce system, ensuring all incident data is protected.

Data Protection:

  • Encryption in transit - NowForce system uses SSL/TLS encryption 1.2 for all communications.

  • Encryption at rest - Application of encrypted at rest data protection is now available for all SAAS customers and makes use of state-of-the-art encryption algorithms.

Additional Options

  • Customer can connect to cloud using VPN.

  • Deployment over dedicated instance.


Did this answer your question?