Trust Center

Start your security review
View & download sensitive information
Ask for information

Overview

Here at Nyby we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review,

Send us a note at security@nyby.com if you have any additional questions.

Compliance

GDPR Logo
GDPR
Start your security review
View & download sensitive information
Ask for information

Nyby is reviewed and trusted by

Oslo kommuneOslo kommune
KreftforeningenKreftforeningen
Bodø kommuneBodø kommune
Kongsvinger kommuneKongsvinger kommune

Documents

Network Diagram
Other Reports
Pentest Report
Security Whitepaper
Encryption Policy
Information Security Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Critical DependenceYes
View more

Product Security

Audit Logging
Multi-Factor Authentication
Service-Level Agreement
View more

Reports

Network Diagram
Other Reports
Pentest Report
View more

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

Access Monitoring
Backups Enabled
Data Erasure
View more

App Security

Software Development Lifecycle
Vulnerability & Patch Management

Legal

SubprocessorsMongoDBCloudinaryVonageMailgun
Data Processing Agreement
Privacy Policy
View more

Access Control

Data Access
Logging

Infrastructure

Amazon Web Services
Anti-DDoS

Endpoint Security

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

Network Security

We protect our corporate network against external & internal threats.

Corporate Security

Employee Training
Internal SSO

Policies

Encryption Policy
Information Security Policy

Security Grades

ImmuniWeb
Nyby Web App
A
Qualys SSL Labs
Main API Endpoint

Trust Center Updates

Spring4Shell Update

IncidentsCopy link

How is Nyby responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are Nyby services impacted?

Nyby's services are not affected by this vulnerability as none of our software use the Spring framework. Nevertheless we will watch for further developments and actively monitor the situation.

Published at N/A

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

IncidentsCopy link

How is Nyby responding to the Log4j vulnerability?

The Nyby Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. Recently after the the vulnerability got disclosed Nyby began investigating if our systems was affected.

Are Nyby's services impacted?

We have performed a thorough investigation and found no Nyby products or customer-facing tools which make use of Log4j.

Published at N/A
Powered bySafeBase Logo