NT-ware as well as the Microsoft Azure platform comply with many industry standards and regulations to help keep your data safe. NT-ware’s commitment to learning and certification help us get the most out of the powerful platform.
Employee certification and education
Canon INC and NT-ware - as part of the Canon Group - are members of the global Microsoft Enterprise Skills Initiative (ESI). NT-ware employees have free access to the Microsoft learning platform (Learner Experience Portal) and Microsoft-delivered, instructor-led, advanced role-based training to develop skills and retrieve Microsoft Azure and Microsoft security related certifications for different certification levels from fundamental to expert level. NT-ware employees benefit individually from certification by gaining international recognition as experts in Microsoft Azure and enhancing their professional credentials.
In addition to the Microsoft Enterprise Skills Initiative employees can take part in Microsoft Cloud Skills Challenges to extend their knowledge and skills on various Microsoft Azure topics.
NT-ware also offers learning and skills development into every employee’s personal improvement plan utilizing systems such as Pluralsight and other industry-related education platforms and certifications. These qualifications help NT-ware employees to stay current with cloud technologies, secure development and IT security.
Microsoft compliance
uniFLOW Online is a 100% SaaS platform built on Microsoft Azure. The Microsoft Azure data centers hosting uniFLOW Online meet a broad set of international as well as regional and industry-specific compliance standards e.g. ISO 27001, ISO/IEC 27018, EU Model Clauses, MTCS, FedRAMP, SOC 1 and SOC 2. Compliance to these standards is verified by third party audits and the results are available on the Microsoft Azure website. Please review the links below for Microsoft’s complete compliance offering.
NT-ware compliance
NT-ware Systemprogrammierungs-GmbH is certified according to the international standards ISO/IEC 27001:2022 & ISO/IEC 27017:2015. By attaining ISO 27001 & ISO 27017, NT-ware can confirm its security processes have been third-party certified to internationally recognized standards. These standards demonstrate NT-ware’s commitment to information security within the company and our online service offering:
ISO/IEC 27001:2022
ISO/IEC 27017:2015
Please find the online certificates and the scope of our ISO/IEC 27001:2022 & ISO/IEC 27017:2015 certifications in the BSI client directory.
SOC 2 is a widely recognized standard for service organizations, particularly those operating in the cloud, to ensure they effectively manage and protect customer data. At NT-ware, we adhere to these standards to uphold our commitment to security and data protection. The SOC 2 Type 1 report evaluates the design and implementation of these controls at a specific point in time. The report is issued in accordance with the standards established by the American Institute of Certified Public Accountants (AICPA).
The SOC 2 Type 1 report for NT-ware Systemprogrammierungs-GmbH was conducted by an independent external auditor and assesses compliance with the Trust Services Criteria, a set of standards covering all five domains.
Our full SOC 2 Type 1 report can be requested through Canon and Canon business partners via the NT-ware Customer Portal and is provided under a non-disclosure agreement (NDA).
The international standard ISO 14001 defines requirements for an environmental management system and guides an organization on how it can improve its environmental performance, meet legal and other obligations and achieve environmental goals. NT-ware, as part of the Canon Group, has been assessed and certified as meeting the requirements of ISO 14001:2015.
NT-ware ensures that our business practices and any product features follow strict guidelines under the General Data Protection Regulations (GDPR). Our GDPR readiness and handling of data subject to this standard is reviewed at least annually.
The Federal Risk and Management Program (FedRAMP) is a cybersecurity risk management program for the purchase and use of cloud products and services. FedRAMP is a certification that helps U.S. government agencies and many public sector companies to identify technology that can support a rapidly evolving work environment while addressing security and control requirements. Canon Office Cloud Print Management Solution has achieved moderate-level FedRAMP authorization. uniFLOW Online is part of the Canon Office Cloud Print Management Solution and FedRAMP compliant for the U.S. deployment only.
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory standard followed by card schemes to increase control over cardholder data to reduce the risk of fraud. PCI DSS assessment and certification is important in any form of cyber defense where credit card information is handled.
uniFLOW Online cloud service can be integrated into payment gateways, such as PayPal™, Flywire (WPM), and Quickpay, providing a simple and secure way for users to top up their print and copy accounts budget without processing or storing credit card data. All the credit card gateways supported by uniFLOW Online cloud service offer an integration architecture that uses URL redirect to direct the user to the payment gateway website. Users performing budget top-ups will be redirected to the payment provider site to complete the transaction. The result of the transition is returned only, confirming the payment was successful or rejected
Scope of PCI DSS requirements
PCI DSS requirements apply to the cardholder data environment (CDE), which is comprised of:
PCI DSS requirements also apply to system components, people, and processes that could impact the security of the CDE.
Will uniFLOW Online ever process card data?
No. uniFLOW Online never collects, processes, or stores any card data. Neither credit card data (card numbers, CVNs, expiry dates) nor payment details are ever passed to or held by our solution. All credit card processing and user interaction occur ONLY on the payment provider’s site via URL redirect.
PCI considerations for uniFLOW Online
uniFLOW Online uses the URL redirection method, uniFLOW Online never collects, processes, transmits, or stores CHD / SAD with a payment provider's CDE. uniFLOW Online is hosted by NT-ware, and hence, the environment is NT-ware's responsibility.