Security First.
We all have enough to worry about. Your money shouldn’t be one of those things. At NOAH, we take security seriously. If it’s your money, you need to be able to trust that it will be there tomorrow. So the only person who has full control over your money is you — not your bank. Like how it should be.
Security Posture
Information and technology relating to the business of NOAH are highly valuable assets which require protection from unauthorized use, disclosure, theft, alteration or destruction. Effective information security management enables information to be collected, processed, and shared for the purposes of conducting business whilst managing the associated risks within the risk appetite of the company and in compliance with relevant regulation and legislation.
To ensure that NOAH’s security posture is robust and fit for purpose, we adhere to the UK’s National Cyber Security Centre’s Cloud Security Principles and apply these to our service partners as well.
NOAH has aligned security and privacy policies with globally recognized standards such as ISO 27001, GDPR, PCI DSS, PSD2 and NIST among others and will create an operational regime that regularly tests and audits alignment with these standards.
Best Practices
NOAH adheres to the UK’s National Cyber Security Centre’s Cloud Security Principles with respect to the selection of cloud service providers. These principles are available here. We also follow industry-leading best practices: Least Privilege, Defense in Depth, and Zero Trust.
Least Privilege: The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task.
Defense in Depth: Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.
Zero Trust: A Zero Trust security strategy demands rigorous application and network security with identity, authentication, and authorization being consistently applied across all information assets and endpoints.
Account Security
Keeping your account safe is our number one priority.
Cryptography: At NOAH, we chose Ephemeral Key Cryptography (EKC) for our wallet and server-side Multi-Party Computation (MPC) for digital asset management. In combination, this provides just the right balance between sovereignty and utility for the broadest range of use cases.
Wallet: The NOAH Wallet will support full Strong Customer Authentication (SCA) in alignment with the Payment Services Directive 2 (PSD2).
Data Security: At NOAH, we use PII data scrubbing to remove personally identifying information in our stored logs.
The Extra Mile
At NOAH, we go the extra mile to make sure your assets are secure.
Penetration Testing: Scheduled automated penetration testing to probe NOAH API endpoints and servers for vulnerabilities.
Web Application Firewall: WAF on NOAH API endpoints and our content delivery network, to protect API endpoints from abuse and DDoS attacks.
Network Security: AWS backbone internal network for communication between the NOAH Core and NOAH Lightning nodes for a more reliable and secure connection.
Scorechain: Third-party blockchain analysis to prevent transactions related to criminal activity.
QLDB: Quantum ledger database to keep an auditable historic record of every transaction which can be cryptographically verified.
Digital Asset Management Platform: The NOAH Digital Asset Management Platform (DAMP) is deployed to Amazon Web Services (AWS). NOAH’s DAMP utilizes a broad range of Amazon services that not only serve to harden security posture but monitor platforms in real-time to help detect and prevent intrusion, DDoS attacks, and even internal bad actors attempting to subvert our security controls.
Legal and Regulatory
NOAH has a responsibility to abide by and adhere to all current UK and EU legislation as well as a variety of regulatory and contractual requirements. Relevant legislation includes:
- The Computer Misuse Act 1990
- Data Protection Act 2018
- General Data Protection Regulation 2016
- The Freedom of Information Act 2000
- Regulation of Investigatory Powers Act 2000
- Copyright, Designs and Patents Act 1988
- Defamation Act 1996
- Obscene Publications Act 1959
- Protection of Children Act 1978
- Criminal Justice Act 2003
- Digital Economy Act 2010