Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Here at Nyby we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review,

Send us a note at security@nyby.com if you have any additional questions.

Compliance

GDPR Logo
GDPR
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Nyby is reviewed and trusted by

Oslo kommuneOslo kommune
KreftforeningenKreftforeningen
Røde KorsRøde Kors
Bodø kommuneBodø kommune
Kongsvinger kommuneKongsvinger kommune
2 Documents
Encryption Policy
Information Security Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Critical DependenceYes
See more

Product Security

Audit Logging
Team Management

Reports

We may provide security-related reports upon request.

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

We follow industry best practices for data security. We are happy to provide more details about our data security practices upon request.

App Security

We take application security seriously and are putting together a program to monitor internal apps.

Access Control

Access is tightly monitored and controlled at our company. We are happy to provide more details about our access control practices upon request.

Infrastructure

Anti-DDoS
Amazon Web Services

Endpoint Security

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

Network Security

We protect our corporate network against external & internal threats.

Corporate Security

We implement internal measures and practices to maintain a high standard of security.

Policies

Encryption Policy
Information Security Policy

Security Grades

Qualys SSL Labs
Main API Endpoint

Trust Center Updates

Spring4Shell Update

Published at 05/18/2022, 8:16 AM

How is Nyby responding to Spring4Shell?

In late March 2022, a new remote code execution (RCE) vulnerability also known as Spring4Shell was discovered. Our security team responded quickly to determine impact and applicability.

Are Nyby services impacted?

Nyby's services are not affected by this vulnerability as none of our software use the Spring framework. Nevertheless we will watch for further developments and actively monitor the situation.

Regarding the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell

Published at 05/18/2022, 8:08 AM

How is Nyby responding to the Log4j vulnerability?

The Nyby Security team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. Recently after the the vulnerability got disclosed Nyby began investigating if our systems was affected.

Are Nyby's services impacted?

We have performed a thorough investigation and found no Nyby products or customer-facing tools which make use of Log4j.