Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Here at Nyby we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review,

Send us a note at security@nyby.com if you have any additional questions.

Compliance

GDPR Logo
GDPR
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Nyby is reviewed and trusted by

Oslo kommuneOslo kommune
KreftforeningenKreftforeningen
Bodø kommuneBodø kommune
Kongsvinger kommuneKongsvinger kommune

Documents

6 Documents
Network Diagram
Other Reports
Pentest Report
Security Whitepaper
Encryption Policy
Information Security Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Critical DependenceYes
See more

Product Security

Audit Logging
Multi-Factor Authentication
Service-Level Agreement
See more

Reports

Network Diagram
Other Reports
Pentest Report
See more

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Software Development Lifecycle
Vulnerability & Patch Management

Access Control

Data Access
Logging

Infrastructure

Anti-DDoS
Amazon Web Services

Endpoint Security

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

Network Security

We protect our corporate network against external & internal threats.

Corporate Security

Employee Training
Internal SSO

Policies

Encryption Policy
Information Security Policy

Security Grades

ImmuniWeb
Nyby Web App
A
Qualys SSL Labs
Main API Endpoint

Trust Center Updates

Spring4Shell Update

How is Nyby responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are Nyby services impacted?

Nyby's services are not affected by this vulnerability as none of our software use the Spring framework. Nevertheless we will watch for further developments and actively monitor the situation.

Published at 05/18/2022, 8:16 AM

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

How is Nyby responding to the Log4j vulnerability?

The Nyby Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. Recently after the the vulnerability got disclosed Nyby began investigating if our systems was affected.

Are Nyby's services impacted?

We have performed a thorough investigation and found no Nyby products or customer-facing tools which make use of Log4j.

Published at 05/18/2022, 8:08 AM