Our Data Security Approach
Last updated: March 30, 2026
At N.Rich, safeguarding the personal and business data entrusted to us is at the heart of our operations. To protect against unauthorized access, loss, or alteration of data, we have implemented a comprehensive Information Security Management System (ISMS) aligned with the globally recognized ISO 27001 standard.
Our security framework is built upon three core principles:
Confidentiality: Ensuring data is only accessible to authorized individuals.
Integrity: Maintaining the completeness and accuracy of information.
Availability: Ensuring systems and data are accessible when needed.
Here is a brief overview of how we protect our data ecosystem:
Global Privacy and Compliance
We operate with a privacy-first mindset, ensuring strict compliance with major global data protection regulations. This includes the EU General Data Protection Regulation (GDPR), as well as applicable US state privacy laws such as the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA).
Robust Technical and Organizational Measures
Strict Access Controls: Access to our systems and data is governed strictly by the “need-to-know” and “need-to-use” principles. Only designated personnel have access to sensitive information, and we enforce Multi-Factor Authentication (MFA) and strong password policies across business-critical systems.
Data Encryption: We deploy strong encryption protocols to protect confidential and sensitive information both in transit and at rest.
Endpoint Security: All workstations used for company work are protected by actively managed, approved endpoint security software (antivirus) and firewalls.
Secure Development: Our software development lifecycle incorporates “Privacy by Design,” mandatory peer reviews, and strict separation between testing and production environments.
Rigorous Supplier Management
Our commitment to security extends to our partners. We conduct thorough security and privacy assessments on all third-party vendors and service providers before they are onboarded. Any supplier processing personally identifiable information (PII) on our behalf must sign a Data Processing Agreement (DPA) and adhere to our strict security standards.
A Culture of Security
Technology is only as strong as the people using it. Information security is the responsibility of everyone at N.Rich. All employees and contractors undergo regular information security awareness training to stay vigilant against threats like phishing and social engineering. Furthermore, all personnel authorized to process data are bound by strict confidentiality obligations.
Through continuous audits, regular policy reviews, and a proactive approach to risk management, N.Rich ensures that our security posture adapts to the ever-evolving cybersecurity landscape.
Custom security reviews
We are happy to participate in any custom security review process our clients require. On request, N.Rich's Data Protection Officer (DPO) and security team can provide supporting documentation for client-side Data Protection Impact Assessments (DPIAs) and vendor security assessments, as well as evidence from our ISO audits.