Question

Answer

1. Understanding and complying with their contractual obligations to Nintex.
2. Immediately notifying Nintex of suspected or confirmed information security breaches such as compromised user accounts or passwords.
3. Developing disaster recovery and business continuity plans that address their ability to use or access Nintex Workflow Cloud.
4. Protecting end-points to thwart malicious software from entering the Nintex Workflow Cloud execution environment.
5. Notifying Nintex of changes made to technical or administrative contact information in a timely manner.
6. Designating internal personnel who are authorized to request user additions, deletions, and security level changes.
7. Managing the user access controls for provisioning and deprovisioning user accounts. This includes enforcement of password policies, management of shared accounts, and authorization approvals.
8. Restricting administrative privileges to approved need-to-know personnel.
9. Securely managing the connectors including confidential management of account credentials, disabling connections no longer required, and managing need-to-know access to shared account information.
10. Understanding and defining data storage requirements. Securely configuring any EFSS systems or other systems where files are eventually stored.
11. Managing the confidentiality and integrity of the distribution of authentication tokens used to start component workflows.
12. Managing the need-to-know and least privilege when sharing workflows.