SECURITY & COMPLIANCE

 

Security is not optional

The security of our customers’ data and our application is at the core of our business at Ninth Wave.

We are certified to ISO 9001:2015 and hold the National Cyber Security Centre's Cyber Essentials certification. 

All of our data centres are certified to ISO 27001.

ENCRYPTION

SmartCore web communications are protected by HTTPS, using 256-bit encryption and certificates over SSL (TLS 1.2), with each customer having a unique URL.


Data stored on Ninth Wave servers is encrypted at rest using AES encryption, with a 256-bit key.

DISASTER RECOVERY

All Ninth Wave systems and hosted SmartCore applications are protected by our business continuity and disaster recovery plans.

Each of our data centres is designed to act as the backup and DR site for the other.  

Incremental and full backups of hosted SmartCore databases are transferred securely to a geographically separate backup/DR site.

DATA PROTECTION

All customer data hosted by Ninth Wave is held in UK data centres and subject to UK and EU data protection legislation.

Each customer’s data is segregated from third parties’ data, and no data is stored unencrypted on removable media.

Remote access to Ninth Wave servers requires additional authentication and is encrypted.

ACCESS MANAGEMENT

Access to all customer data is determined by the customer and is restricted to appropriate and authorised personnel.

Specific customer requirements for password complexity can be configured in SmartCore, along with IP whitelisting to restrict third-party access.

Ninth Wave controls the setup and operation of our servers and other infrastructure at our data centres.

Physical access to these data centres is strictly controlled and monitored by the onsite security team, requiring ID card and biometric based access controls.

REDUNDANCY

The Ninth Wave server stacks are matched at each data centre so that each can act as the disaster recovery site for the other. Each data centre server stack has redundant network connections, firewalls and routers, web and application servers, disk arrays and power supplies.  In the event of a network or hardware issue, automatic failover is set up within each server stack and data centre.    

 

All our servers are covered by manufacturer support and repair agreements. 

MONITORING

We continuously monitor the availability, capacity and health of our network connections and physical infrastructure.


We regularly check security certifications and scan for potential vulnerabilities across our managed infrastructure.

SERVICE LEVEL AGREEMENTS

Ninth Wave provides enterprise-level support to our customers by phone, email and through our WMS SmartCore help desk system.


Service Level Agreements can be adapted to meet customer needs, with our standard SLA offering better than 99% system availability during UK working hours.

SECURE DEVELOPMENT

Our development teams are all trained in secure development practices and the system is frequently audited against industry-standard vulnerability assessments, such as the OWASP Top 10.


Ninth Wave holds the Cyber Essentials certification and is ISO 9001:2015 certified for the provision of software design, implementation, maintenance, support and consultancy services.

 

Our customers regularly commission independent penetration tests on their SmartCore applications.

API SECURITY

All access to SmartCore data through an API connection is secured using OAuth2 or similar.


API protection is in place to both blacklist and whitelist IP addresses and to protect against DDoS attacks on API endpoints.