Effective date: March 31, 2023

Security policy

Purpose

The purpose of this policy is to outline the security measures taken by Nikkl to protect the confidentiality, integrity, and availability of sensitive financial data, including but not limited to, customer information, financial transactions, and company confidential information. This policy applies to all employees, contractors, and third-party service providers who access Nikkl's data.

Scope

This policy covers all Nikkl data, systems, and networks, including but not limited to,

  • Customer information, such as names, addresses, Social Security numbers, and financial account information.

  • Financial transactions, such as deposits, withdrawals, and transfers.

  • Company confidential information, such as financial reports, business plans, and strategic information.

Policy

  1. Access Management

    a. Access to Nikkl's data is restricted to authorized personnel only.

    b. Access to systems and networks is granted based on the principle of least privilege, ensuring that only the minimum level of access necessary is granted.

    c. Passwords must be strong and changed regularly, and two-factor authentication is required for all remote access to company systems and networks.

    d. All system access is logged and regularly audited to ensure compliance with company policies and regulations.


  2. Data Encryption:

    a. Nikkl utilizes encryption to protect all types of sensitive data, including customer data, employee data, and intellectual property in transit and at rest.

    b. Data in transit is encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

    c. Data at rest is encrypted using industry-standard encryption algorithms, such as Advanced Encryption Standard (AES).

    d. Encryption keys are securely managed, rotated, and protected from unauthorized access.

    e. Data encryption policies are regularly reviewed and updated to ensure compliance with industry standards and best practices.

    f. Encrypted backups are stored in secure air-gapped storage to prevent data loss in case of a disaster or breach.

    g. Encryption is also used to protect data on portable devices, such as laptops and mobile phones, to prevent data breaches in case of loss or theft.

    h. Access controls and monitoring mechanisms are in place to prevent unauthorized access to encrypted data.


  3. Network Security:

    a. Nikkl implements firewalls, Virtual Private Networks (VPNs), and other network security measures to restrict access to its systems and networks.

    b. Regular security audits are performed to ensure that the network configuration is secure.

    c. Nikkl has a formal process for identifying and prioritizing vulnerabilities based on their severity and potential impact on the business.

    d. Vulnerabilities are promptly remediated through the application of security patches, updates, or other mitigating controls.

    e. Nikkl actively monitors external threat intelligence feeds to stay informed about the latest security threats and vulnerabilities.

    f. Nikkl uses SIEM tools to aggregate and analyze security-related events across its systems and networks

    g. Nikkl uses EDR tools to detect and respond to security incidents on endpoints, including laptops, desktops, and servers.

    h. Nikki regularly conducts security awareness training to educate employees about common phishing and social engineering tactics.


  4. Disaster Recovery:

    a. Nikkl's disaster recovery plan includes a comprehensive backup strategy that ensures critical data is regularly backed up and can be quickly restored in the event of a disaster.

    b. Regular disaster recovery drills are conducted to test the plan and ensure its effectiveness, identify areas for improvement, and provide employees with experience responding to a disaster.

    c. Nikkl implements proactive endpoint security measures such as configuration management and MDM to ensure all deployed equipment is compliant, secure, uniform, and quickly recoverable.

    d. The disaster recovery plan includes clear roles and responsibilities for all employees involved in the recovery process, and includes procedures for activating the plan and notifying key stakeholders.

  5. Incident Response:

    a. Nikkl has an incident response plan in place to address any security incidents that may occur.

    b. Employees, contractors, and third-party service providers are required to report any suspected security incidents to the designated incident response team immediately.

    c. If a security incident occurs, Nikkl will promptly notify affected customers, partners, and other stakeholders and take all necessary steps to mitigate the impact of the incident.

    d. Nikkl has established procedures for containing security incidents and preventing them from spreading to other parts of the network or affecting other systems or applications.

    e. Nikkl conducts regular incident response drills and simulations to evaluate the effectiveness of the plan, identify areas for improvement, and provide employees with experience responding to security incidents.

    f. The incident response plan includes procedures for preserving and analyzing evidence related to the incident, to support potential legal or regulatory investigations.

    g. Nikkl maintains a detailed incident response log that documents all security incidents, the actions taken to respond to them, and the outcomes of those actions.

    h. The incident response plan includes procedures for conducting post-incident reviews to identify lessons learned and opportunities for improvement.

  6. Compliance

    a. Nikkl is committed to meeting all applicable legal and regulatory requirements for the protection of financial data, including but not limited to the Gramm-Leach-Bliley Act (GLBA). We are also in the process of meeting the Payment Card Industry Data Security Standard (PCI DSS) and expect to meet these standards by June 2023.

    b. Nikkl regularly reviews its security policies and procedures to ensure ongoing compliance with applicable laws and regulations.

Conclusion

Nikkl is committed to protecting the confidentiality, integrity, and availability of sensitive financial data. By following this security policy, Nikkl aims to ensure that its customers' financial information is protected against threats and that its customers can trust that their data is secure.

Contacting Us

If you have any questions about our use of cookies or this Policy, please contact us at help@nikkl.com or by mail at:
Nikkl, Inc
7014 E Camelback Rd.
Suite 1452
Scottsdale, AZ 85251