Policy Summaries
High-level summaries of NextSDS information security policies
These are public summaries of the policies that make up our Information Security Management System (ISMS). The full policy documents are part of our internal ISMS and are available to customers and auditors on request via security@nextsds.be.
Information Security Policy
The top-level policy that defines our ISMS: its scope, security objectives, governance and responsibilities, and a risk-based approach to protecting the confidentiality, integrity, and availability of information.
Access Control Policy
Access follows least privilege and need-to-know. Accounts use unique identities, single sign-on (SSO), and multi-factor authentication (MFA), with a defined account lifecycle (provisioning, review, and timely revocation).
Incident Response Plan
A documented process for detecting, triaging, and responding to security incidents, including severity levels, escalation paths, communication, and a post-incident review for significant events.
Data Classification
Information is classified as Public, Confidential, or Restricted, with handling, storage, and sharing requirements defined for each level.
Acceptable Use
Expectations for the responsible use of company systems, accounts, and data, including security obligations that apply to everyone with access.
AI Acceptable Use
Rules for the use of AI services: only approved providers, configured so that data is not used for model training and is not retained beyond processing (no-training routing and Zero Data Retention), and no restricted data placed into unapproved tools.
Disaster Recovery Plan
Recovery objectives (RTO/RPO), backup strategy, and failover procedures that keep the service resilient and recoverable.
Looking for the full policies, control implementation detail, or audit evidence? Request access to the internal ISMS documentation.