Security
Security is at the heart of
— Navro.
Navro operates an ISO 27001:2022 certified Information Security Management System (ISMS). Our program follows industry best practices, embedding least-privilege access, defense-in-depth controls, and continuous monitoring across our environments. Customer data is protected with strong encryption in transit and at rest, and secrets are centrally managed with strict access controls and rotation.
Navro has recently completed a SOC 2 Type I audit and is currently in a Type II observation period. These audits further demonstrate our commitment to security best practice and regulatory security compliance.
Effective Security Management
Navro's Information Security Management System (ISMS) ensures a structured approach to managing information security, and is fully aligned with ISO/IEC 27001:2022 certified.
Our ISMS addresses business risks and establishes tailored security controls.
We are committed to maintaining best practices through regular audits, and every employee plays a key role in adhering to security standards.
Security controls are applied consistently across all areas of the enterprise.
The Security Team oversees the implementation and continuous improvement across all operations.
Data Encryption
Standards
Navro’s encryption standards are aligned to industry best practices and the requirements issued by regulators and government bodies.
Information handled by the organisation is encrypted in transit and at rest. This includes but is not limited to information provided by our clients. Access to encryption keys is strictly controlled and maintained with full audit trail.
In transit
Navro uses TLS 1.2 or higher everywhere data is transmitted.
We also implement features such as HSTS (HTTP Strict Transport Security) to maximise the security of our data in transit.
At rest
All data stores including customer data are encrypted at rest using AES256.
We encrypt data at rest using industry-standard algorithms (AES256), keys and certificates are securely managed in our hosting environments using key management systems (KMS) with access limited to authorised services and roles.
Enterprise Security
Navro uses a cloud based identity provider to securely manage employee identity and access management across Navro's suite of productivity applications. We use MFA across all applications including phishing-resistant authentication factors.
Navro employees are granted access to applications based on their role, and further access must be logged and approved in compliance with security policy and procedures. Employee access is continuously monitored and automatically deprovisioned upon termination of employment.
Navro protects remote access to internal resources through a modern, secure VPN platform. Access to network segments and applications is governed by strong authentication and conditional access controls, enforcing zero trust principles throughout.
Navro provides comprehensive security training to all employees upon onboarding and annually through dedicated educational modules.
In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.
Navro’s security team shares regular news and threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
All corporate devices are centrally managed and protected with mobile device management (MDM), anti-malware, and conditional access policies that verify device health and compliance before granting access.
Endpoint security alerts are continuously monitored, and MDM is used to enforce secure and compliant configurations, including disk encryption, screen lock settings, configuration restrictions, software deployment, privacy controls, and timely software updates.
Navro's vulnerability management program provides continuous visibility of vulnerabilities across our infrastructure, applications, and third-party components. We prioritise issues based on context and risk, applying timely patches and configuration changes. This ensures that known vulnerabilities are addressed promptly and that our security posture is consistently improved over time.
Navro builds security into every stage of our software development lifecycle, rather than treating it as a final checkpoint. Integrating automated security testing, code analysis, and secure configuration checks directly into our CI/CD pipelines.
We also comply with international data protection standards in the regions we operate.
.png)
.png)
.png)
.png)
Our global
network
Questions? Want to schedule a demo? Reach out to a member of our team.
