Nova Benefits Takes A Step Towards Improved Information Security Through ISO 27001 Certification

December 26th, 2022: Nova Benefits, an employee wellness platform centred around corporate health insurance receives the ISO/IEC 27001:2013 certification for its Information Security Management System.

As an employee wellness SaaS platform, Nova Benefits continues to invest in improving its security and compliance processes as a part of its ongoing journey to deliver secured employee health and wellness benefits solutions to companies across India.

We’re excited to announce the latest step in this journey: Nova Benefits has achieved ISO/IEC 27001:2013 certification for its Information Security Management System (ISMS)

What is ISMS?

ISMS is an Information Security Management System that is a documented program for designing, implementing, managing, and maintaining a security program within an organisation to protect the confidentiality, integrity, and availability of information.

What is ISO/IEC 27001?

ISO/IEC 27001 is the leading international standard, best known for information security management systems (ISMS) and its requirements. It details requirements for establishing, implementing, maintaining, and continually improving an ISMS—the aim of which is to help organisations manage information security risks in a structured and systematic way.

What does this certification mean for Nova Benefits and its clients?

The certification confirms that:

• Nova Benefits’ customer data is rigorously protected
• Nova Benefits assesses, minimises, and eliminates security risks and vulnerabilities
• Nova Benefits is compliant with the highest standard for information security
• Nova Benefits has an internal culture of security so that all employees prioritise information security by design

For our customers, the ISO 27001 certification provides the following:

• Independent confirmation that Nova Benefits’ security practices are aligned with a rigorous SaaS service standard.
• Key piece of evidence on Nova Benefits as a critical service provider for their own vendor security risk assessment process.

Certification Scope of Nova Benefits’ ISMS

The Information Security Management System at Nova Benefits is hosted as a SaaS platform that provides Health and Wellness Benefits Solutions with the Support Function of IT Infrastructure, Human Resources, Security, Legal, and Administration. Our ISMS certification scope is in accordance with the ISO 27001 standard. We have implemented controls to manage and monitor security services in a number of domains:

• Information Security Policies
• Organisation of Information Security
• Human Resource Security
• Asset Management
• Access Control
• Cryptographic Control
• Physical and Environmental Security
• Operations Management
• Communications Security
• Security acquisition, development, and maintenance
• Supplier relationships
• Information Security Incident Management
• Information Security aspects of business continuity management
• Compliance

Data Privacy

At Nova Benefits, we take our customers’ privacy very seriously. In establishing our ISMS, we have considered our clients’ requirements as well as key legislative obligations on cybersecurity and data privacy. To learn more, you can refer to our privacy policy.

What does this mean for Nova Benefits' future?

Information security is an ongoing process and the team at Nova Benefits will keep working hard to maintain and exceed its security standards to protect both company and customer data.

As a step towards our commitment to improved security, BQC will perform yearly audits to test our ISMS for continuous compliance to ISO 27001 standard.

To know more about our security and compliance processes, please visit: https://infosec.novabenefits.com/

For further queries, you can reach out to us at [email protected]