Navia's Commitment to Data Security

At Navia, we prioritize both compliance and the protection of customer data. Below are some of the practices we implement to ensure your data's safety:

Regular Testing and Reviews

• Penetration Testing and Inspections: We conduct both internal and external penetration tests and inspections to identify and mitigate vulnerabilities.
• Infrastructure and Team Reviews: Our infrastructure and the managing team undergo regular assessments to ensure robust security protocols.

Selective Internet Exposure: We expose only the essential systems to the internet, reducing potential entry points for attacks.

Advanced Security Measures

• Cloudflare Protection: We utilize Cloudflare for web application firewall and DDoS protection, ensuring secure, private, fast, and reliable connections.
• Isolated Systems: Our systems are distributed across multiple locations and networks, isolating them from each other to enhance security.

Employee Access Control

• Two-Factor Authentication (2FA): All internal systems require 2FA for access, adding an additional layer of security.
• Role-Based Access: Employees have access to systems based on their specific roles and departments. This access control is a core practice within our Systems department and is audited periodically.
• Linux-Based Systems: The majority of our non-technical employees use Linux variants on their computers, reducing the attack surface typically associated with Windows systems.

Client Account Security

• 2FA for Client Accounts: We support real 2FA with app-based TOTP for Rocket Plus, while the Navia App is enabled with both mobile and app-based 2FAs.
• Single Sign-On (SSO) and 2FA: Our front-end systems, like Navia, use a single login (SSO) combined with 2FA for enhanced security.

Continuous Vigilance: We are committed to applying the best security principles and remain vigilant to prevent potential security breaches. In today’s complex and interconnected digital environment, even a small oversight can lead to significant issues.

While 100% security may not be achievable, our continuous efforts to follow best practices reflect our commitment to maintaining the highest possible security standards.