Noru Logo

Noru Trust Center

Live monitoring by Noru
Last updated Oct 12, 2025

Our security commitment

Built on trust. Secured by design.

At Noru, we believe that trust is earned through transparency and a relentless commitment to security. Every product decision, line of code, and operational policy is guided by a security-first mindset. From data encryption and access controls to continuous monitoring and independent audits, we ensure that protection is not an afterthought—it’s the foundation.

We understand that our customers rely on Noru to safeguard their most critical data. That’s why we go beyond compliance standards to implement best-in-class security practices across our infrastructure and organization. Our mission is simple: empower our users to innovate with confidence, knowing their information is secure, private, and always under their control.

Report a vulnerabilityPrivacy Policy

Overview

GDPRGDPR
Monitored by Noru
ISO 27001ISO 27001
Monitored by Noru
ISO 27002ISO 27002
Monitored by Noru
146
Controls
0
Resources

Compliance

Industry standards and regulatory compliance status

GDPR

GDPR

General Data Protection Regulation (GDPR)

Monitored by Noru
ISO 27001

ISO 27001

ISO/IEC 27001:2022

Monitored by Noru
ISO 27002

ISO 27002

ISO/IEC 27002:2022

Monitored by Noru

Controls

Implemented across all categories

Asset Management

4 controls
Inventory Labels
Media Marking
Asset Transportation Authorization

Business Continuity

4 controls
Continuity Testing
Business Impact Analysis
Capacity Forecasting

Backup Management

2 controls
Backup Configuration
Resilience Testing

Configuration Management

4 controls
Baseline Configuration Standard
Configuration Checks
Time Clock Synchronization

Change Management

2 controls
Change Management Workflow
Change Approval

Cryptography

4 controls
Approved Cryptographic Technology
Key Repository Access
Software Signing

Data Management

6 controls
Data Classification Criteria
Data Inventory
Test Data Sanitization

Entity Management

8 controls
Board of Directors Structure and Purpose
Audit Committee
Organizational Structure

Identity and Access Management

11 controls
Logical Access Provisioning
Logical Access Review
Unique Identifiers

Incident Response

7 controls
Incident Response Plan
Incident Response
Incident Reporting Contact Information

Mobile Device Management

3 controls
Mobile Device Enrollment
Mobile Device Encryption
Configuration Management: Mobile Devices

Network Operations

4 controls
Network Policy Enforcement Points
Inbound and Outbound Network Traffic: DMZ Requirements
Network Segmentation

Security Governance

14 controls
Proprietary Rights Agreement
Information Security Program Content
Procedures

People Resources

5 controls
Background Checks
Organization Property Collection
Disciplinary Process

Privacy

28 controls
Privacy Program Review
PII Processing Agreements
Record of Processing Activity

Proactive Security

2 controls
Threat Hunting
Adversary Intelligence

Risk Management

10 controls
Service Risk Rating Assignment
Risk Assessment
Continuous Monitoring

Service Lifecycle

1 controls
Service Lifecycle Workflow

Systems Monitoring

3 controls
Audit Logging
System Security Monitoring
System Availability Monitoring

Site Operations

8 controls
Secured Facility
Physical Protection and Positioning of Cabling
Provisioning Physical Access

Training and Awareness

6 controls
General Security Awareness Training
Developer Security Training
Payment Card Processing Security Awareness Training

Third-Party Management

5 controls
Third-Party Assurance Review
Vendor Risk Management
Vendor Non-disclosure Agreements

Vulnerability Management

4 controls
Vulnerability Scans
Enterprise Antivirus
Code Security Check

System Design Documentation

1 controls
Standardized Terminology

Subprocessors

Third-party service providers and their compliance status

Google Cloud Platform

Other

A suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.