Security

• SOC 2 Type II — annually audited
• ISO/IEC 27001 — information security management
• ISO/IEC 27037 — digital evidence handling
• NIST SP 800-86 — forensic examination of digital evidence
• GDPR compliant (EU/EEA data residency available)

All data at rest is encrypted with AES-256. All data in transit uses TLS 1.3. Evidence files are SHA-256 hashed at ingest and at every access — any tampering is immediately detectable.

NOVE enforces role-based access control (RBAC) with principle of least privilege. Multi-factor authentication is required for all accounts. Session tokens are short-lived and rotate on each request.

We engage independent third-party penetration testers annually. Summary reports are available to enterprise customers under NDA.

We operate a responsible disclosure programme. Report vulnerabilities to [email protected]. We commit to acknowledging reports within 48 hours and to coordinated disclosure.

NOVE runs on dedicated infrastructure with network segmentation, Web Application Firewall (ModSecurity with OWASP Core Rule Set), DDoS mitigation, and immutable audit logging. Air-gap and on-premises deployment options are available for classified environments.