uniFLOW Online
uniFLOW Online
uniFLOW Online
uniFLOW Online Express
Compliance and certification
NT-ware as well as the Microsoft Azure platform comply with many industry standards and regulations to help keep your data safe. NT-ware’s commitment to learning and certification help us get the most out of the powerful platform.
Employee certification and education
Canon INC and NT-ware - as part of the Canon Group - are members of the global Microsoft Enterprise Skills Initiative (ESI). NT-ware employees have free access to the Microsoft learning platform (Learner Experience Portal) and Microsoft-delivered, instructor-led, advanced role-based training to develop skills and retrieve Microsoft Azure and Microsoft security related certifications for different certification levels from fundamental to expert level. NT-ware employees benefit individually from certification by gaining international recognition as experts in Microsoft Azure and enhancing their professional credentials.
In addition to the Microsoft Enterprise Skills Initiative employees can take part in Microsoft Cloud Skills Challenges to extend their knowledge and skills on various Microsoft Azure topics.
NT-ware also offers learning and skills development into every employee’s personal improvement plan utilizing systems such as Pluralsight and other industry-related education platforms and certifications. These qualifications help NT-ware employees to stay current with cloud technologies, secure development and IT security.
Microsoft compliance
uniFLOW Online is a 100% SaaS platform built on Microsoft Azure. The Microsoft Azure data centers hosting uniFLOW Online meet a broad set of international as well as regional and industry-specific compliance standards e.g. ISO 27001, ISO/IEC 28018, EU Model Clauses, MTCS, FedRAMP, SOC 1 and SOC 2. Compliance to these standards is verified by third party audits and the results are available on the Microsoft Azure website. Please review the links below for Microsoft’s complete compliance offering.
NT-ware compliance
NT-ware Systemprogrammierungs-GmbH is certified according to the international standards ISO/IEC 27001:2022 & ISO/IEC 27017:2015. By attaining ISO 27001 & ISO 27017, NT-ware can confirm its security processes have been third-party certified to internationally recognized standards. These standards demonstrate NT-ware’s commitment to information security within the company and our online service offering:
ISO/IEC 27001:2022
- Security – reviewing and enforcing industry standards
- Confidentiality – ensuring that information is accessible only to those authorized to have access
- Integrity – safeguarding the accuracy and completeness of information and processing methods
- Availability – ensuring that authorized users have access to information when needed
ISO/IEC 27017:2015
- Administration – operations and procedures associated with the cloud environment
- Responsibility – NT-ware as a cloud service provider and customer of cloud services
- Security and Privacy – handling of data, assets and the management of cloud resources
Please find the online certificates and the scope of our ISO/IEC 27001:2022 & ISO/IEC 27017:2015 certifications in the BSI client directory.
The international standard ISO 14001 defines requirements for an environmental management system and guides an organization on how it can improve its environmental performance, meet legal and other obligations and achieve environmental goals. NT-ware, as part of the Canon Group, has been assessed and certified as meeting the requirements of ISO 14001:2015.
NT-ware ensures that our business practices and any product features follow strict guidelines under the General Data Protection Regulations (GDPR). Our GDPR readiness and handling of data subject to this standard is reviewed at least annually.
The Federal Risk and Management Program (FedRAMP) is a cybersecurity risk management program for the purchase and use of cloud products and services. FedRAMP is a certification that helps U.S. government agencies and many public sector companies to identify technology that can support a rapidly evolving work environment while addressing security and control requirements. Canon Office Cloud Print Management Solution has achieved moderate-level FedRAMP authorization. uniFLOW Online is part of the Canon Office Cloud Print Management Solution and FedRAMP compliant for the U.S. deployment only.
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory standard followed by card schemes to increase control over cardholder data to reduce the risk of fraud. PCI DSS assessment and certification is important in any form of cyber defense where credit card information is handled.
uniFLOW Server and uniFLOW Online cloud service can be integrated into payment gateways, such as PayPal™, providing a simple and secure way for users to top up their print and copy accounts budget without processing or storing credit card data. All the credit card gateways supported by uniFLOW Online cloud service offer an integration architecture that uses URL redirect to direct the user to the payment gateway website. Users performing budget top-ups will be redirected to the payment provider site to complete the transaction. The result of the transition is returned only, confirming the payment was successful or rejected.
Scope of PCI DSS requirements:
PCI DSS requirements apply to the cardholder data environment (CDE), which is comprised of:
- System components, people, and processes that store, process, and transmit cardholder data and/or sensitive authentication data, and,
- System components that may not store, process, or transmit CHD Card Holder Date/SAD Sensitive Authentication Data but have unrestricted connectivity to system components that store, process, or transmit CHD/SAD.
PCI DSS requirements also apply to system components, people, and processes that could impact the security of the CDE.
Will uniFLOW Online or uniFLOW Server ever process card data?
No. uniFLOW Online and uniFLOW Server never collect, process, or store any card data. Neither credit card data (card numbers, CVNs, expiry dates) nor payment details are ever passed to or held by our solution. All credit card processing and user interaction occur ONLY on the payment provider’s site via URL redirect.
PCI considerations for uniFLOW Server:
The PCI requirement for an on-premise installation is the end customer's responsibility. uniFLOW Server does not meet the ‘PCI DSS Requirement Scope’ however, customers may be asked to evidence the security of their network and services that can impact the overall security of the card transaction process. NT-ware recommends any customer being asked to prove or contribute to a PCI Compliance audit to work with a Qualified Security Assessor (QSA) to assist in completing a SAQ A self-assessment. Should you require further information on the uniFLOW Server installation to complete the SAQ A self-assessment, please contact your Canon and Canon Business partner representative.
PCI considerations for uniFLOW Online:
uniFLOW Online uses the same URL redirection method mentioned above for uniFLOW Server. Equally, uniFLOW Online never collects, processes, transmits, or stores CHD/SAD with a payment provider's CDE. uniFLOW Online is hosted by NT-ware, and hence, the environment is the responsibility of NT-ware.
- NT-ware has completed the SAQ A self-assessment for our online environment; this can be requested via our support channel and provided under NDA.
- NT-ware adheres to strong coding and development practices; further details can be found here: Security - uniFLOW Online.
- Independent PEN testing is carried out on our server and cloud product offering. PEN testing is performed four times a year on new feature released and scheduled components. PEN testing by customers is encouraged by NT-ware, please check under our Security section for details.