Security & Compliance

      The protection and security of our clients’ remote workforces and business data is fundamental to everything we do at NordLayer. As part of Nord Security, it’s in our DNA to ensure compliance and data security best practices are in place at all times.

      We also understand that businesses in many industries need to meet compliance standards to ensure they are protecting and managing sensitive data in a way that is deemed secure by globally recognized institutions.

      Our information security management systems are certified according to ISO 27001, validated by a SOC 2 Type I audit, meet the objectives outlined in the HIPAA Security Rules, and support powerful AES-256 military-grade encryption, which ensures business data can’t fall into the wrong hands.

      In addition to preventing data loss, NordLayer also guards against unauthorized access to your company network and allows you to set granular access permissions and policy enforcement. Through network control features such as IP allowlisting, businesses can ensure that sensitive data in the cloud is secure and cannot be accessed or shared with unauthorized users.

      Multiple layers of security, such as 2FA and SSO, can also be implemented to ensure network access and company data are only available to those who are recognized and validated.

      More on ISO 27001

      We’re proud that NordLayer’s information security management systems are certified according to ISO 27001.

      The entire certification achieved is ISO/IEC 27001:2013 — relating to the information security management system (ISMS) for Nord Security.

      • This is a set of policies and procedures for systematically managing an organization’s sensitive data.
      • The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.
      • An ISMS typically addresses employee behavior, processes, data, and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company’s culture.
      • The goal of ISO 27001 is to provide a framework of standards for how a modern organization should manage its information and data.
      • Risk management is a key part of ISO 27001, ensuring that a company understands where its strengths and weaknesses lie. ISO maturity is a sign of a secure, reliable organization that can be trusted with data.

      How does an ISO/IEC 27001 certification benefit our clients?

      An ISO/IEC 27001 certification serves as a safety barometer for an organization’s information security landscape. With this in place, NordLayer clients and prospective clients alike can have peace of mind that fundamental procedures and controls are in place to protect their data via a formal information security management system.

      • Ensuring data can only be adjusted by trusted and authorized users.
      • Assessing the risks and proactively mitigating potential data breaches.
      • Aligning management processes with business risk strategies and client needs.

      ISO 27001 & NordLayer

      The certificate was issued by TÜV Thüringen and applies to NordLayer and NordPass Business.

      ISO/IEC 27001:2013 is the leading international standard on information security. The standard is based upon three pillars:

      • Confidentiality
      • Integrity
      • Availability


      Certificate Validation

      You can check the validity of an organization’s certification issued by TÜV Thüringen on their website.

      More on SOC 2 Type 2

      Our journey from SOC 2 Type 1 to SOC 2 Type 2 certification is a significant step for NordLayer. Just as SOC 2 Type 1 showed we were heading in the right direction, SOC 2 Type 2 demonstrates our deeper commitment to keeping our clients' data safe and ensuring our services are reliable.

      How is SOC 2 Type 2 audit beneficial to our clients?

      Clients of NordLayer gain important advantages from our SOC 2 Type 2 certification. SOC 2 Type 2 gives you the following benefits:

      • Better Data Security: SOC 2 Type 2 confirms our security controls work well over a long period of time. You can trust that your sensitive data is protected with care.
      • Reliable Service: This certification ensures you get our services without interruptions. You can count on NordLayer for dependable network security and infrastructure services.
      • Adapting to Change: We are committed to getting better all the time. We adjust our security to fight new threats. You can be confident we're always using the latest security measures.

      SOC 2 Type 2 & NordLayer

      NordLayer, a leader in network security and infrastructure services, proudly holds SOC 2 Type 2 certification. This shows our dedication to keeping your data safe and ensuring our services are reliable.

      The SOC 2 Type 2 report confirms that NordLayer’s security controls work well over a long period of time. It also means your data stays safe, and you get our services without interruptions.

      This certification also shows we follow rules and standards and are always working to improve. NordLayer constantly updates our security to protect against new threats, giving you peace of mind about your data's safety.

      HIPAA and NordLayer

      The Health Insurance Portability and Accountability Act, or HIPAA, is a federal statute enforced by the United States legislature. Its primary function is to uphold the integrity of health data. Each covered entity that stores, processes, or transmits Protected Health Information (PHI) must be HIPAA-compliant.

      PHI can take many forms, and its digital counterpart is electronic Protected Health Information (ePHI). Since most healthcare organizations now store patient data online, ePHI has become the primary method for archiving patient data.

      Here are HIPAA requirements for covered entities:

      • The security concepts of access controls (centrally-controlled unique credentials for each user and procedures to manage the release or disclosure of ePHI).
      • Integrity controls (policies and procedures to ensure that ePHI is properly altered or destroyed).
      • Audit controls (hardware, software, and/or procedural mechanisms to record and examine access and other ePHI-adjacent activity).
      • Network security (encryption, firewalling, etc.).

      NordLayer is proud to be able to say that independent assessors reviewed the policies, standards, and procedures that apply to NordLayer and concluded that they meet the security objectives outlined in the HIPAA Security Rules. This means that NordLayer is HIPAA-compliant and has the appropriate measures for securing access to PHI.

      Note: If you would like to view our other certificates and security reports, please reach out to our 24/7 Customer Support Team.
