Security and certificates
Realiability and trusworthiness of the systems and services is our top priority
Nero operates in Virta's platform. Virta established Information Security Management System (ISMS) lead by Information Security Management Team. Daily security duties and activities are led by Chief Information Security Officer. Information Security Management System of Virta is ISO27001:2013 certification.
Ensuring security is continuous process and Nero has defined a risk management process to ensure the security keeps up with changing threat landscape. All risks identified are always assigned an owner and treated.
Security of online services
Nero operates in Virta's platform. Virta's publicly available customer systems are developed according Virta's internal guidelines including security requirements. For application development OWASP ASVS is used as reference and secure development training is provided for developers. All changes are reviewed before deployed and tested in test environment before taken into production use. All changes in the code can be traced back and full audit trail of changes exists.
Virta conducts regularly vulnerability scans, security assessment and penetration testing. Vulnerability scans are run automatically weekly and thorough penetration testing is done by independent cybersecurity companies against public interfaces regularly. All found issues are analyzed and appropriate fixes and mitigations are deployed.