Security Compliance & Penetration Testing

All employees and sub-contractors are trained according to Nintex's quality standards prior to and during their engagement at the company and are reviewed on an annual basis.

FIPS

The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules.

All encryption methods used by Nintex, both client and server-side, are FIPS compliant.

Security & penetration testing

Security and penetration testing is performed regularly both internally and by third-party auditors.

Nintex applications are security tested against the latest security protocols, including OWASP, WASC, blackbox testing, graybox testing, and whitebox testing, to discover and resolve security flaws or insecure coding practices such as buffer overflows, injection flaws, and improper error handling.

Based on the results of an external testing and verification process provided by a third-party security auditor, there are no open critical-risk or high-risk vulnerabilities.