Leadership Commitment (Clauses 5.1 and 5.2)
Senior management commits to integrating information security into our strategic planning and business operations. Information security roles and responsibilities are clearly defined across technical, operational, and executive functions.
Risk-Based Approach (Clause 6.1)
Nettverk maintains an Information Security Risk Assessment Methodology to identify, assess, and treat risks to its connectors, APIs, cloud services, and client data.
Access Control (Annex A 5.15, 5.16, 5.17)
Access to production and development environments shall be granted only to authorised users, on the basis of least privilege and business need.
Secure System Integration (Annex A 8.24, 8.25)
All integration between Salesforce, Xero, and WooCommerce must follow secure API practices, including:
- Authentication via OAuth2.
- Secure token storage.
- Logging and monitoring of all data flows.
- Automated alerts for unauthorised access attempts.
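The four API practices listed above, as an added example that is not Nettverk's connector code and not code from Salesforce, Xero or WooCommerce: a minimal Python connector that keeps refresh tokens in a file readable only by the service account (mode 0600), obtains access tokens through the OAuth2 refresh-token grant and rotates the stored refresh token when the provider returns a new one, writes one audit line per data flow carrying a token fingerprint rather than the token itself, and raises an alert when three 401/403 responses arrive within five minutes. The token endpoint, the API transport and the alert sink are hypothetical callables injected at construction so the example runs offline; the system name, tokens and paths are constructed sample data.

```python
import hashlib
import json
import logging
import os
import stat
import tempfile
import time
from collections import deque
from typing import Callable, Deque, Dict, List, Optional

log = logging.getLogger("integration.audit")


def fingerprint(secret: str) -> str:
    """12 hex chars of SHA-256: lets audit logs correlate a token without recording it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


class TokenStore:
    """Refresh tokens at rest in a JSON file readable only by the service account."""

    def __init__(self, path: str) -> None:
        self.path = path

    def _load_all(self) -> Dict[str, str]:
        if not os.path.exists(self.path):
            return {}
        with open(self.path) as fh:
            return json.load(fh)

    def load(self, system: str) -> Optional[str]:
        return self._load_all().get(system)

    def save(self, system: str, refresh_token: str) -> None:
        data = self._load_all()
        data[system] = refresh_token
        # O_CREAT with 0o600 covers a new file; the chmod covers a pre-existing one.
        fd = os.open(self.path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh)
        os.chmod(self.path, stat.S_IRUSR | stat.S_IWUSR)
        log.info("refresh token stored system=%s fp=%s", system, fingerprint(refresh_token))

    def mode_ok(self) -> bool:
        return stat.S_IMODE(os.stat(self.path).st_mode) == 0o600


class Connector:
    """OAuth2 client for one integrated system: cached access token, refresh-token
    grant, one structured audit line per data flow, alert on a burst of 401/403s."""

    ALERT_THRESHOLD = 3   # unauthorised responses ...
    ALERT_WINDOW_S = 300  # ... within this many seconds raise one alert
    REFRESH_SKEW_S = 60   # refresh this long before the provider's stated expiry

    def __init__(self, system: str, store: TokenStore, refresh_grant: Callable[[str], dict],
                 transport: Callable[[str, str], int], alert: Callable[[str], None],
                 clock: Callable[[], float] = time.time) -> None:
        self.system, self.store, self.clock = system, store, clock
        self.refresh_grant, self.transport, self.alert = refresh_grant, transport, alert
        self._access: Optional[str] = None
        self._expires_at = 0.0
        self._denials: Deque[float] = deque()

    def access_token(self) -> str:
        now = self.clock()
        if self._access is None or now >= self._expires_at - self.REFRESH_SKEW_S:
            rt = self.store.load(self.system)
            if rt is None:
                raise RuntimeError(f"no refresh token enrolled for {self.system}")
            resp = self.refresh_grant(rt)  # hypothetical call to the provider's token endpoint
            self._access = resp["access_token"]
            self._expires_at = now + float(resp["expires_in"])
            if resp.get("refresh_token"):  # provider rotated the refresh token: persist the new one
                self.store.save(self.system, resp["refresh_token"])
            log.info("access token refreshed system=%s fp=%s", self.system, fingerprint(self._access))
        return self._access

    def call(self, path: str, records: int) -> int:
        """One data flow; the audit line records status and volume, never the token."""
        status = self.transport(self.access_token(), path)
        log.info("flow system=%s path=%s status=%d records=%d", self.system, path, status, records)
        if status in (401, 403):
            self._note_denial()
        return status

    def _note_denial(self) -> None:
        now = self.clock()
        self._denials.append(now)
        while now - self._denials[0] > self.ALERT_WINDOW_S:  # drop denials outside the window
            self._denials.popleft()
        if len(self._denials) >= self.ALERT_THRESHOLD:
            self.alert(f"{self.system}: {self.ALERT_THRESHOLD} unauthorised responses "
                       f"within {self.ALERT_WINDOW_S}s")
            self._denials.clear()  # one alert per burst, not one per further denial


def demo() -> dict:
    """Runs the connector offline against constructed fakes; returns values a test can check."""
    store = TokenStore(os.path.join(tempfile.mkdtemp(), "tokens.json"))
    store.save("xero", "rt-initial")  # constructed sample refresh token
    alerts: List[str] = []
    grants: List[str] = []

    def fake_grant(rt: str) -> dict:  # hypothetical endpoint: 1 h access token, rotates refresh token
        grants.append(rt)
        return {"access_token": "at-" + rt, "expires_in": 3600, "refresh_token": "rt-rotated"}

    def fake_api(token: str, path: str) -> int:  # hypothetical API: anything under /admin is forbidden
        return 403 if path.startswith("/admin") else 200

    c = Connector("xero", store, fake_grant, fake_api, alerts.append)
    flows = [("/invoices", 25), ("/admin/users", 0), ("/admin/users", 0), ("/admin/users", 0)]
    statuses = [c.call(path, n) for path, n in flows]
    return {"statuses": statuses, "alerts": alerts, "grants": grants,
            "stored": store.load("xero"), "mode_ok": store.mode_ok()}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    print(demo())
```

The local 0600 file stands in for whatever secret store the deployment actually uses; the property to preserve is that the refresh token is never world-readable and never appears in a log line, which is why both the store and the connector log a fingerprint only. The three-in-five-minutes threshold is an illustrative value, not a figure from this policy.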
Asset Protection (Annex A 5.9, 5.10, 5.12)
Information assets, including integration codebases, customer credentials, API keys, and logging systems, shall be:
- Inventoried and classified.
- Protected using encryption and backup.
- Governed by secure configuration baselines.
Threat Intelligence and Monitoring (Annex A 5.7, 5.28, 5.30)
The SOC team shall collect threat intelligence relevant to cloud APIs, connector vulnerabilities, and SaaS platforms, and shall analyse security logs to detect anomalies across the integration infrastructure.
Business Continuity and Resilience (Annex A 5.29, 5.30)
Nettverk ensures the resilience of integration services through:
- Cloud redundancy and automated failover.
- Regular backup and disaster recovery testing.
- Recovery time objective (RTO) ≤ 4 hours and recovery point objective (RPO) ≤ 24 hours for client integrations.
Data Privacy and Compliance (Annex A 5.14, 5.31)
Customer data exchanged between systems shall be handled with:
- End-to-end encryption.
- Data minimisation.
- GDPR-compliant practices and consent management.