Security at Novabench

Novabench takes security, confidentiality, and availability seriously. We have completed a SOC 2 Type 2 audit and embed secure-by-design principles throughout our software development lifecycle.

Request our SOC 2 report

Security

Designing our product securely and protecting our systems and your data from unauthorized access.

Confidentiality

Limiting the collection of confidential information, and being transparent about any data we collect and how we protect it.

Availability

Responding to incidents and keeping our systems available for our customers to use as committed.

Security in Our Products & Processes

Security is top of mind in our desktop app and cloud services

Secure-by-Design

  • Novabench is limited, by design, to reduce attack surface. It's a testing tool, not a device management tool, and it cannot configure or remotely manage any system.
  • The desktop application runs with minimal system permissions and uses appropriate isolation and verification techniques throughout for defence-in-depth.
  • All network communication is encrypted in transit and authentication uses industry-standard protocols via AWS Cognito IDP.

Secure Development

  • Every change goes through security review, automated testing, and controlled deployment gates.
  • Dependencies are version-pinned, continuously monitored, and automatically scanned for vulnerabilities.
  • All releases are code-signed and updates are cryptographically verified before installation.

SOC 2 Type 2 Attestation

Novabench has completed a SOC 2 Type 2 audit covering the Security, Confidentiality, and Availability trust service criteria. The third-party audit was conducted by Prescient Assurance, who evaluated both the design and operating effectiveness of our controls.

We view this report as a starting point for security conversations with customers, and as one part of an ongoing commitment to our practices. It is available to customers and prospective customers of our Team plans.

Request a copy of our SOC 2 report

Control Programs

Our security program is organized around established control domains, each with documented policies and procedures.

Access Control

Role-based access, multi-factor authentication, and least-privilege principles.

Data Encryption

Data encrypted in transit and at rest with industry-standard algorithms.

Vulnerability Management

Regular scanning, dependency management, and annual third-party penetration tests.

Change Management

Controlled releases with code review, testing, and approval gates.

Incident Response

Documented procedures with defined roles and escalation paths.

Vendor Management

Third-party vendors evaluated against security and compliance requirements.

Monitoring & Logging

Continuous monitoring with audit logging for accountability.

Business Continuity

Redundant infrastructure and disaster recovery planning.

Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you believe you have found a security issue in any Novabench product or service, please reach out so we can investigate and address it promptly. We are not running a bug bounty program at this time.

Report a security issue

Privacy at Novabench

Our privacy policy explains what information we collect, how we share, store, and secure that information, and how to access and control your information.

Novabench limits the data it collects and can operate in a fully offline mode.

Read the Privacy Policy

Questions?

Contact Us