Security and compliance
At TransNexus, we take security seriously. We follow best practices in our policies, procedures and technology to provide reliable systems that safeguard your information. Our compliance certifications reflect our conformance with standards and regulations for privacy and security policies and procedures.
TransNexus has developed security policies and procedures to protect your privacy and ensure the reliability of our software products. Our security program includes:
- Change management processes for acquiring new software or changing IT infrastructure
- Datacenter security policies to safeguard information and software held there
- Business continuity plans to mitigate the effects of unexpected disruptions
- Supply chain management procedures to enable timely, effective communications with suppliers, partners and customers in response to an incident
- Data security and information lifecycle policies to safeguard information, regardless of where it’s held, and dispose of it safely when no longer needed
- Encryption and key management policies to ensure consistent, effective use of secure technology to safeguard information and systems
- Governance and risk management policies to periodically review and update security policies and ensure consistent compliance
- Human resources policies to train employees on security policies and periodically test knowledge and compliance
- Device policies to regulate proper use of computers, tablets, phones and related devices
- Identity and access management policies to establish and maintain controls around permissions and access to systems and information
- Security incident response plan to handle security incidents quickly and effectively.
Compliance certifications, regulations and standards
We use third-parties to review our privacy and security policies and procedures and certify that they conform to best-practice standards. These certifications, regulations and standards include:
- Cloud Security Alliance STAR (Security Trust Assurance and Risk) Program
- EU-U.S. Privacy Shield Framework
- Swiss-U.S. Privacy Shield Framework
- We follow the GDPR (General Data Protection Regulation) policies regarding the collection, retention and disposal of personal data.
- We follow PCI security standards to maintain payment security.
- TransNexus runs several applications on Amazon Web Services (AWS), which conforms to a wide range of compliance certifications.
Submitting a security report
If you believe you have found a security bug or vulnerability within a TransNexus website or software product, please email us at firstname.lastname@example.org. When reporting potential issues, please provide enough information to recreate your findings.