Skip to main content

Question

What security-related best practices are Nintex Workflow Cloud users responsible for?

 

Answer

Users of Nintex Workflow Cloud are responsible for the following:
  1. Understanding and complying with their contractual obligations to Nintex.
  2. Immediately notifying Nintex of suspected or confirmed information security breaches such as compromised user accounts or passwords.
  3. Developing disaster recovery and business continuity plans that address their ability to use or access Nintex Workflow Cloud.
  4. Protecting end-points to thwart malicious software from entering the Nintex Workflow Cloud execution environment.
  5. Notifying Nintex of changes made to technical or administrative contact information in a timely manner.
  6. Designating internal personnel who are authorized to request user additions, deletions, and security level changes.
  7. Managing the user access controls for provisioning and deprovisioning user accounts. This includes enforcement of password policies, management of shared accounts, and authorization approvals.
  8. Restricting administrative privileges to approved need-to-know personnel.
  9. Securely managing the connectors including confidential management of account credentials, disabling connections no longer required, and managing need-to-know access to shared account information.
  10. Understanding and defining data storage requirements. Securely configuring any EFSS systems or other systems where files are eventually stored.
  11. Managing the confidentiality and integrity of the distribution of authentication tokens used to start component workflows.
  12. Managing the need-to-know and least privilege when sharing workflows.

 

Be the first to reply!

Reply