Question
What security-related best practices are Nintex Workflow Cloud users responsible for?
Answer
Users of Nintex Workflow Cloud are responsible for the following:
- Understanding and complying with their contractual obligations to Nintex.
- Immediately notifying Nintex of suspected or confirmed information security breaches such as compromised user accounts or passwords.
- Developing disaster recovery and business continuity plans that address their ability to use or access Nintex Workflow Cloud.
- Protecting end-points to thwart malicious software from entering the Nintex Workflow Cloud execution environment.
- Notifying Nintex of changes made to technical or administrative contact information in a timely manner.
- Designating internal personnel who are authorized to request user additions, deletions, and security level changes.
- Managing the user access controls for provisioning and deprovisioning user accounts. This includes enforcement of password policies, management of shared accounts, and authorization approvals.
- Restricting administrative privileges to approved need-to-know personnel.
- Securely managing the connectors including confidential management of account credentials, disabling connections no longer required, and managing need-to-know access to shared account information.
- Understanding and defining data storage requirements. Securely configuring any EFSS systems or other systems where files are eventually stored.
- Managing the confidentiality and integrity of the distribution of authentication tokens used to start component workflows.
- Managing the need-to-know and least privilege when sharing workflows.