NowForce is ISO27001 and ISO 27799 certified.
Policy & Training
Developers are trained in Secure Web Development methodologies.
Development follows OWASP best practices for mobile and web development.
Annual privacy training.
Security and Privacy policies are in place.
NowForce personnel passed criminal background checks (relevant employees).
Access to Dispatcher user interface can be limited to specific IP ranges per organization - optional configuration.
Single device login (preventing multiple logins from the same account) - optional configuration.
Unique IDs are assigned to each mobile device allowing the blocking/disabling of unauthorized users even if the application is already installed on their device.
Access to cloud infrastructure uses 2-factor authentication.
Access to NowForce API using OAuth2.
All passwords stored in the database are hashed.
CJIS compliance elements include:
* Password renewal policy
* Password with a minimum length of 8 characters
* Strong Passwords enforcement
* Password expires after 90 days
* Force user to change password on first entry
* Prevent reuse of last 10 passwords
* Automatic lock of user after 5 failed attempts
Passive / Active users – ability to control which type of users are sending location information at any given time.
Data retention – ability to define amount of time that the system will store information such as location and incident related details with option to export the data to local protected files.
Secure data upload – provision of secure link for uploading of images and files to the NowForce system, ensuring all incident data is protected.
Encryption in transit - NowForce system uses SSL/TLS encryption 1.2 for all communications.
Encryption at rest - Application of encrypted at rest data protection is now available for all SAAS customers and makes use of state-of-the-art encryption algorithms.
Customer can connect to cloud using VPN.
Deployment over dedicated instance.