
Software Security Statement (SSS) Disclaimer SYNAXIOM does not distribute NIVOMAX Viewer setup files directly to end users. To obtain the necessary setup files, users must download a copy directly from the Technical Publications Supplier's NIVOMAX Self Serve portal, subsequent to agreeing to the terms and conditions stipulated therein. The Technical Publication Supplier, possessing a valid Distribution ID for their copy of the NIVOMAX Applications, is the sole distributor. Access to and use of the NIVOMAX Viewer is contingent upon the purchase of a Data License for a digital product from the Technical Publications Supplier. The digital product downloaded will function exclusively with the viewer provided by the respective Supplier. Users are advised that the distribution of NIVOMAX Viewer setup files may be governed by applicable export control regulations depending on their region. Licensing It is not necessary for end-users to purchase a separate NIVOMAX license. The Technical Publications Supplier from whom you have acquired your Data License has already procured the requisite licenses from SYNAXIOM. By extending an invitation, they include you within their authorized user pool, as permitted under their NIVOMAX license agreement. You are authorized to use the NIVOMAX software provided the Technical Publications Supplier maintains a valid NIVOMAX software license. Confidentiality This document (“Document”) contains confidential and proprietary information owned by SYNAXIOM Inc. (“SYNAXIOM”). No part of this Document may be reproduced, copied, or distributed in any form or by any means without the prior written permission of SYNAXIOM Inc. Unauthorized use, disclosure, or reproduction of this Document is strictly prohibited. Any third-party intellectual property mentioned herein is the property of their respective owners, and such mention is for informational purposes only and does not imply any association with or endorsement by the owners. This page must not be removed before distributing the document. It must remain present in all shared copies to ensure proper communication and compliance. Software Security Statement (SSS) Last Updated on August 1, 2024 \| 4 min read This Software Security Statement (“SSS”) pertains solely to the security measures implemented within the NIVOMAX software by SYNAXIOM as of July 29, 2024. The security analysis provided herein is applicable only to the NIVOMAX software versions listed below and does not extend or apply to the hosting infrastructure, middleware, the authentication Identity Provider (IdP), or the devices utilized by end-users and/or their respective operating networks/environments. An “ePubs Supplier” refers to the organization responsible for distributing the NIVOMAX software to the end user. This supplier handles the sale of licenses for their digital technical publications products viewed using the NIVOMAX Viewer software. Security is a shared responsibility While SYNAXIOM is committed to the continued security of NIVOMAX by implementing industry best practices, we encourage users, administrators, and other stakeholders to adopt and maintain appropriate security measures on their respective devices and infrastructures to ensure comprehensive protection. Commitment to Security SYNAXIOM is dedicated to ensuring the security and integrity of our software products. This statement outlines our commitment to robust security measures and transparency. Scope and Validity This SSS reflects the security measures in place as of July 29, 2024. Due to the evolving nature of technology and security threats, updates to our security protocols and policies may occur. The security statuses mentioned apply solely to the versions listed at the end of this document and as of the date stated. Security Assessments Threats are assessed as Severe, Critical, and Moderate. The NIVOMAX software versions mentioned have undergone comprehensive security scans and are confirmed to be free of Severe, Critical, and Moderate vulnerabilities as of July 29, 2024, based on scans conducted using industry-recognized tools and adhering to best practices. Future Updates and Communication Users should refer to newer Software Security Statements released by SYNAXIOM for the most current information regarding the security of NIVOMAX and necessary upgrades. SYNAXIOM reserves the right to modify and update security measures as deemed necessary for the protection of our software and users’ data. Security Measures Development Throughout the NIVOMAX product development life cycle, SYNAXIOM follows various processes to ensure the highest level of security for both the application and data. The development team operates in a controlled environment with limited permissions, and each code commit undergoes a thorough validation process. Vulnerability Detection We conduct recurring scans on frameworks and libraries used by NIVOMAX against known vulnerabilities before each new release and on a daily basis on the most recent official release, utilizing industry-recognized scanning tools and releasing patches when vulnerabilities are identified. Authentication NIVOMAX utilizes single sign-on authentication to eliminate the need for usernames or passwords, ensuring no handling or storing of any user credentials. Authorization Information received from IDP is securely stored within the OEM’s on-premise infrastructure, facilitating seamless authorization and retrieval of subscription and data license entitlements for users. Connections Installed NIVOMAX applications connect only to your ePubs Suppliers ePubs service domain eg. ‘super-pubs.aviation-company.com’ solely for user profile and subscription information retrieval. The application is not designed to connect to any other servers or resources. Logfiles Application logs are maintained locally, and users may be requested to send them via email for troubleshooting user-specific issues or clear them at their discretion. No log files are automatically shared with SYNAXIOM or the ePubs Supplier. Compliance Standards While SYNAXIOM’s security practices are aligned with the ISO/IEC 27001 standard for Secure Software Development Life Cycle, showcasing our dedication to systematic information security management, it is important to note that we are not certified as of the date of this document. Our commitment to these standards reflects our continuous improvement philosophy but does not imply certification. User Involvement If users encounter security concerns or vulnerabilities while using our software, they are encouraged to report them promptly to support@synaxiom.com. SYNAXIOM takes every report seriously and is committed to addressing and resolving issues promptly. This statement serves as a snapshot of our security practices as of the date indicated above. Document Details Statement ID: NVM-23022024-004 Date: July 29, 2024 NIVOMAX Platform Versions / Platform Version: 2 Self-Serve Portal: v3.1.0 Backend / v3.0.3 Frontend Subscription Access Manager Service: v2.0.03 Authentication Broker: v2.0.01 Viewer: v3.4.2 Builder: v3.1.0 Backend / v3.0.1 Frontend For the latest documentation on this and other important topics, please refer to the NIVOMAX Help Center. The NIVOMAX Help Center is your primary resource for up-to-date information, guidelines, and self-serve support for NIVOMAX. This document also has an online version which may be more up-to-date.

Software Security Statement (SSS)

Disclaimer

SYNAXIOM does not distribute NIVOMAX Viewer setup files directly to end users. To obtain the necessary setup files, users must download a copy directly from the Technical Publications Supplier's NIVOMAX Self Serve portal, subsequent to agreeing to the terms and conditions stipulated therein. The Technical Publication Supplier, possessing a valid Distribution ID for their copy of the NIVOMAX Applications, is the sole distributor. Access to and use of the NIVOMAX Viewer is contingent upon the purchase of a Data License for a digital product from the Technical Publications Supplier. The digital product downloaded will function exclusively with the viewer provided by the respective Supplier. Users are advised that the distribution of NIVOMAX Viewer setup files may be governed by applicable export control regulations depending on their region.

Licensing

It is not necessary for end-users to purchase a separate NIVOMAX license. The Technical Publications Supplier from whom you have acquired your Data License has already procured the requisite licenses from SYNAXIOM. By extending an invitation, they include you within their authorized user pool, as permitted under their NIVOMAX license agreement. You are authorized to use the NIVOMAX software provided the Technical Publications Supplier maintains a valid NIVOMAX software license.

Confidentiality

This document (“Document”) contains confidential and proprietary information owned by SYNAXIOM Inc. (“SYNAXIOM”). No part of this Document may be reproduced, copied, or distributed in any form or by any means without the prior written permission of SYNAXIOM Inc. Unauthorized use, disclosure, or reproduction of this Document is strictly prohibited. Any third-party intellectual property mentioned herein is the property of their respective owners, and such mention is for informational purposes only and does not imply any association with or endorsement by the owners.

This page must not be removed before distributing the document. It must remain present in all shared copies to ensure proper communication and compliance.

Software Security Statement (SSS)

Last Updated on August 1, 2024 | 4 min read

This Software Security Statement (“SSS”) pertains solely to the security measures implemented within the NIVOMAX software by SYNAXIOM as of July 29, 2024. The security analysis provided herein is applicable only to the NIVOMAX software versions listed below and does not extend or apply to the hosting infrastructure, middleware, the authentication Identity Provider (IdP), or the devices utilized by end-users and/or their respective operating networks/environments.

An “ePubs Supplier” refers to the organization responsible for distributing the NIVOMAX software to the end user. This supplier handles the sale of licenses for their digital technical publications products viewed using the NIVOMAX Viewer software.

Security is a shared responsibility

While SYNAXIOM is committed to the continued security of NIVOMAX by implementing industry best practices, we encourage users, administrators, and other stakeholders to adopt and maintain appropriate security measures on their respective devices and infrastructures to ensure comprehensive protection.

Commitment to Security

SYNAXIOM is dedicated to ensuring the security and integrity of our software products. This statement outlines our commitment to robust security measures and transparency.

Scope and Validity

This SSS reflects the security measures in place as of July 29, 2024. Due to the evolving nature of technology and security threats, updates to our security protocols and policies may occur. The security statuses mentioned apply solely to the versions listed at the end of this document and as of the date stated.

Security Assessments

Threats are assessed as Severe, Critical, and Moderate. The NIVOMAX software versions mentioned have undergone comprehensive security scans and are confirmed to be free of Severe, Critical, and Moderate vulnerabilities as of July 29, 2024, based on scans conducted using industry-recognized tools and adhering to best practices.

Future Updates and Communication

Users should refer to newer Software Security Statements released by SYNAXIOM for the most current information regarding the security of NIVOMAX and necessary upgrades. SYNAXIOM reserves the right to modify and update security measures as deemed necessary for the protection of our software and users’ data.

Security Measures

Development

Throughout the NIVOMAX product development life cycle, SYNAXIOM follows various processes to ensure the highest level of security for both the application and data. The development team operates in a controlled environment with limited permissions, and each code commit undergoes a thorough validation process.

Vulnerability Detection

We conduct recurring scans on frameworks and libraries used by NIVOMAX against known vulnerabilities before each new release and on a daily basis on the most recent official release, utilizing industry-recognized scanning tools and releasing patches when vulnerabilities are identified.

Authentication

NIVOMAX utilizes single sign-on authentication to eliminate the need for usernames or passwords, ensuring no handling or storing of any user credentials.

Authorization

Information received from IDP is securely stored within the OEM’s on-premise infrastructure, facilitating seamless authorization and retrieval of subscription and data license entitlements for users.

Connections

Installed NIVOMAX applications connect only to your ePubs Suppliers ePubs service domain eg. ‘super-pubs.aviation-company.com’ solely for user profile and subscription information retrieval. The application is not designed to connect to any other servers or resources.

Logfiles

Application logs are maintained locally, and users may be requested to send them via email for troubleshooting user-specific issues or clear them at their discretion. No log files are automatically shared with SYNAXIOM or the ePubs Supplier.

Compliance Standards

While SYNAXIOM’s security practices are aligned with the ISO/IEC 27001 standard for Secure Software Development Life Cycle, showcasing our dedication to systematic information security management, it is important to note that we are not certified as of the date of this document. Our commitment to these standards reflects our continuous improvement philosophy but does not imply certification.

User Involvement

If users encounter security concerns or vulnerabilities while using our software, they are encouraged to report them promptly to support@synaxiom.com. SYNAXIOM takes every report seriously and is committed to addressing and resolving issues promptly.

This statement serves as a snapshot of our security practices as of the date indicated above.

Document Details

Statement ID: NVM-23022024-004

Date: July 29, 2024

NIVOMAX Platform Versions / Platform Version: 2

Self-Serve Portal: v3.1.0 Backend / v3.0.3 Frontend
Subscription Access Manager Service: v2.0.03
Authentication Broker: v2.0.01
Viewer: v3.4.2
Builder: v3.1.0 Backend / v3.0.1 Frontend

For the latest documentation on this and other important topics, please refer to the NIVOMAX Help Center. The NIVOMAX Help Center is your primary resource for up-to-date information, guidelines, and self-serve support for NIVOMAX.

This document also has an online version which may be more up-to-date.

Help Center

My Group: This user has no roles.

My Distribution ID: Please log in to see your distribution ID.

Explore This Section

My Group: This user has no roles.

My Distribution ID: Please log in to see your distribution ID.

Software Security Statement (SSS)

Disclaimer

Licensing

Confidentiality

Software Security Statement (SSS)

Last Updated on August 1, 2024 | 4 min read

Security is a shared responsibility

Commitment to Security

Scope and Validity

Security Assessments

Future Updates and Communication

Security Measures

Development

Vulnerability Detection

Authentication

Authorization

Connections

Logfiles

Compliance Standards

User Involvement

Document Details

NIVOMAX Platform Versions / Platform Version: 2

Guides