Navigator is a cloud-based system. This means customer data is accessible over the internet and must be protected against theft, ransomware, or service disruption. Strong security and disaster recovery measures safeguard customer information and ensure business continuity, even in the event of major system failure.
Overview
The Navigator system is built around a secure database hosted in the Navigator data centre. Access is provided through:
Navigator Windows client on user PCs.
Mobile apps.
Web services.
Physical Security
The Navigator data centre is operated by a third-party provider in the UK.
Rated as a Level 4 facility.
ISO27001 certified.
Access controlled through two-factor authentication and security codes.
Data Storage and Separation
Data is stored in multiple separate databases for performance and isolation.
Data is encrypted both at rest and in transit.
Servers are not directly exposed to the internet. Outbound access is controlled by firewalls.
Data Transport and Access
Secure HTTPS connections with the latest TLS protocols protect data in transit.
Legacy services exist for limited reporting but never contain customer information.
Access is validated by API keys:
User-based keys generated at login.
Generic API keys for web services and apps.
A third-party proxy service (Cloudflare) hides the data centre’s internet location and protects against denial-of-service attacks.
User PCs
The Navigator client does not store data locally on PCs.
Users may export data to text or spreadsheets. Responsibility for securing exported files rests with the end user.
Backups
Each customer database is backed up nightly.
Backups are encrypted and stored in a secure UK-based cloud service certified to ISO27001.
Backup retention:
7 days for daily backups.
12 months for end-of-month backups.
Associated files (such as images and documents) are also stored in the cloud and encrypted by the provider.
Cyber Security Processes
Documented response plans exist for suspected hacks.
Steps include:
Immediate restriction of data centre access.
Investigation and remediation.
Restoration from backups if required.
A contracted third-party cyber security service provides rapid expert support.
Disaster Recovery
In the event of catastrophic failure, infrastructure is rebuilt by our third-party data centre partner.
Data is restored from the latest available backups.
Full recovery may take several days if the data centre is destroyed by cyber or physical attack.
Access to the Data Centre
Only Navigator support staff have access via VPN and secure tools.
Authentication uses Microsoft Azure Single Sign-On.
Access rights are managed through:
Onboarding and exit processes.
Regular audits to ensure staff have only the permissions required.
Further Information
For questions regarding Navigator’s security or disaster recovery processes, please contact your Customer Success Manager.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article