To ensure that NOAH’s security posture is robust and fit for purpose, we adhere to the UK’s National Cyber Security Centre’s Cloud Security Principles and apply these to our service partners as well.
NOAH has aligned security and privacy policies with globally recognized standards such as ISO 27001, GDPR, PCI DSS, PSD2 and NIST, among others, and will create an operational regime that regularly tests and audits alignment with these standards.
The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task.
Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.
A Zero Trust security strategy demands rigorous application and network security with identity, authentication, and authorization being consistently applied across all information assets and endpoints.
At NOAH, we chose Ephemeral Key Cryptography (EKC) for our wallet and server-side Multi-Party Computation (MPC) for digital asset management. In combination, this provides just the right balance between sovereignty and utility for the broadest range of use cases.
The NOAH Wallet will support full Strong Customer Authentication (SCA) in alignment with the Payment Services Directive 2 (PSD2).
At NOAH, we use PII data scrubbing to remove personally identifying information in our stored logs.
4. The Extra Mile
Scheduled automated penetration testing to probe NOAH API endpoints and servers for vulnerabilities.
WAF on NOAH API endpoints and our content delivery network, to protect API endpoints from abuse and DDoS attacks.
AWS backbone internal network for communication between the NOAH Core and NOAH Lightning nodes for a more reliable and secure connection.
Third-party blockchain analysis to prevent transactions related to criminal activity.
Quantum ledger database to keep an auditable historic record of every transaction which can be cryptographically verified.
The NOAH Digital Asset Management Platform (DAMP) is deployed to Amazon Web Services (AWS). NOAH’s DAMP utilizes a broad range of Amazon services that not only serve to harden security posture but also monitor platforms in real time to help detect and prevent intrusion, DDoS attacks, and even internal bad actors attempting to subvert our security controls.
5. Legal and Regulatory
- The Computer Misuse Act 1990
- Data Protection Act 2018
- General Data Protection Regulation 2016
- The Freedom of Information Act 2000
- Regulation of Investigatory Powers Act 2000
- Copyright, Designs and Patents Act 1988
- Defamation Act 1996
- Obscene Publications Act 1959
- Protection of Children Act 1978
- Criminal Justice Act 2003
- Digital Economy Act 2010