Security

At Navisteps, we believe there is no compromise for data security. As an enterprise technology company the security of our users is paramount, with compliance processes and controls in place to protect information from unauthorized access.

Data and System Security

By default, Navisteps encrypts data at rest and data in transit for all of our customers.

All credentials, secrets and sensitive internal data are encrypted and manipulated through AWS Secrets Manager which stores secrets securely with fine-grained access policies.

Continuous threat detection and protection for your data using Cloudflare to monitor for malicious activity and unauthorized behavior.
Communications are established using 256-bit TLS encryption.

Hosted on Amazon Web Services (AWS) with a network architected to protect your information, identities, and devices.

Complete operational audit log with full tracking for actions taken by users to ensure access is compliant.

PCI Obligations

All Card Payments comply with Payment Card Industry Data Security Standard (PCI DSS), and all payment instrument processing is outsourced to First Data Corporation. We use tokenization, where sensitive data is replaced with a unique identifier called a ‘token’, thus allowing your payment to be processed securely.

Information Management

We collect only the minimum necessary personally identifiable information (PII) and use it only for stated purposes.

Access Control

We implement role-based access control at Navisteps and work to ensure that people are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.

Employee Awareness

We provide security awareness training to every employee in the company. All employees are also required to sign a Confidentiality Agreement.