How Navan Securely Handles Customer Data

The US English Security Policy prevails. This UK English version is only a courtesy translation. Please find the US English Security Policy here.

Last updated February 7, 2023

Industry Standard Security

State-of-the-art encryption

Navan’s clients’ data is transferred using multi-layered security, highly secure networks and Transport Layer Security (TLS 1.2+) encryption for data ‘in-transit’. Sensitive data ‘at-rest’ in storage is encrypted using the Advanced Encryption Standard (AES-256-GCM), the current industry standard for modern commercial business applications.

Data centre security

Navan’s client data is stored in highly secure AWS cloud-hosted data centres located in multiple regional availability zones to support Navan platforms and apps. AWS data centre facilities use innovative secure architectural engineering methodologies, built from decades of experience designing, constructing, and operating large-scale highly reliable commercial data centres, which is directly applied to Navan’s platform, and infrastructure.

Multi-factor authentication (MFA)

Access to Navan’s networks, business systems, and client data in AWS cloud-hosted data centres requires the use of Multi-Factor Authentication (MFA) and Single Sign-on (SSO) credentials managed by Navan Information Technology Services Operations (ITSO) department.

Real-time audit log

Navan maintains real-time logs of data changes made by administrators, customers, employees and Navan systems. Navan's security, support and engineering teams constantly strive to keep clients' data as safe as possible at all times.

3rd party testing

Navan’s website, micro-services and Application Programming Interfaces (APIs) are regularly subjected to vulnerability and penetration testing, security scans, threat detection and security assessment testing by cyber security professionals.

High Availability Infrastructure

Uptime

Navan’s AWS cloud-hosted architecture and use of contemporary technology ensures the availability of client information, with client data access and security being of the highest business priority.

Redundancy

Navan’s product architecture and daily source code deployments are designed for resiliency, and maintaining continual functionality and availability.

Recoverability

Navan performs backups multiple times a day, and stores backups in multiple secure remote locations, as part of Navan’s disaster recovery plan.

Questions?

Contact Navan using this web form or by calling corporate sales for more information +1 (888) 505-8747.