At Navia we are not only conscious about adhering to compliance requirements but also very cognizant  when it comes to managing our customer data . Here are some practices we follow to ensure the safety of your data:

> We conduct regular internal and external penetration testing and inspections.

> Regular reviews of our infrastructure and the managing Team.

> We expose only things that really need to be exposed to the internet.  

> We have Cloudflare  that provides web application firewall and DDoS protection. The network is designed to make connections through the internet secure, private, fast and reliable.  

> Systems are located in multiple locations on different networks to isolate them from each other.

> All our internal employee systems require 2FA to access.

> Employees are provided access to different systems based on their departments and roles.

> This role-based access is embedded as a practice into our Systems department that clears access and their processes as well. This process is audited on periodical basis.

> Significant majority of non-tech employee computers also run variants of Linux to reduce the large attack surface of Windows systems.

> For client accounts, we support real 2FA with app based TOTP (enabled Rocket Plus while Navia App is enbaled with mobile & App based 2FAs).

> Our Front-end systems like Navia, use a single login (SSO) + 2FA

Being conscious of security and applying whatever possible security principles is our endeavor. In today's complex, interconnected systems, one small let off, technical or a human error, can result in a huge issues. 

While 100% security does not exist , continuous  vigil, as a practice, is the best anyone can do. We take efforts to follow the best practices and are always conscious of security.