EventNook provides everything you need to create, manage, and grow successful events of any size.
Custom solutions for every type of event and organization, tailored to your specific needs.
More than 1,000 customers including major organizations trust EventNook with their data. This is not something we take lightly. We combine and utilize enterprise-class hosting and security features with our applications, systems, and networks to ensure customer and business data is always protected. And our customers rest easy knowing their information is safe, their interactions are secure, and their businesses are protected.
EventNook achieved ISO 27001:2022 certification, reinforcing our commitment to maintaining a robust information security management system (ISMS). Our certification covers the entire event management platform, ensuring your data is protected with enterprise-grade security controls.
EventNook is trusted by leading international and local organizations, including Microsoft, Google, S&P Global, ServiceNow, Changi Airport, Law Society of Singapore, NTUC, SingHealth, NCSS, MCCY, STB, GovTech, IMDA, Maybank, NUS, NTU, Polytechnics, and many more from Government, Finance, and Institutions sectors.
Information Security Management System certified to international standards
Full compliance with Singapore Personal Data Protection Act
Data hosted in Singapore-based Microsoft Azure data centers
Enterprise-grade encryption for all data in transit
ISO 27001 Certification
EventNook achieved ISO/IEC 27001:2022 certification on September 24, 2024, demonstrating our commitment to information security management best practices.
EventNook Platform Coverage
Our ISO 27001 certification covers the entire EventNook event management platform including:
This certification is regularly audited to ensure continuous compliance with international security standards.
Certification Date: September 24, 2024
Privacy
EventNook maintains a comprehensive privacy programme. We are continually evaluating to protect personal information of our customers.
We participate in and comply with Singapore Personal Data Protection Act (PDPA) law and GDPR.
We do not sell the personal information of our customers to third parties.
Privacy Policies:
Hosting Environment
Microsoft Azure hosts EventNook's production systems in Singapore-based data centers.
Microsoft Azure Certifications:
PCI DSS Level 1 Service Provider
ISO/IEC 27001
ISO 22301
ISO/IEC 27017:2015
ISO/IEC 27018
MTCS 584:2013 from IDA
CDSA
(CSA) STAR Self-Assessment
SOC 1, SOC 2, SOC 3
https://www.microsoft.com/en-us/trustcenter/Compliance
Location
EventNook hosts all customer data in Singapore-based Microsoft Azure data centers, ensuring data residency compliance.
Web and Mobile Application Development
EventNook is committed to designing, building and maintaining secure systems.
Web Application & Web API Security Control We utilize Microsoft ASP.NET MVC Framework security controls to limit our exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
In infrastructure level, we enable Microsoft antimalware in our cloud hosting machines for real time protection and regular scanning of malware.
We establish automated security auditing and threat detection in place in data storage.
In our engineering team, we provide secure code training and discussion about security. The training covers OWASP Top 10 security flaws, common attack vectors, and EventNook security controls.
No credit card information is permitted to be stored on EventNook's servers.
Use of encryption for both storage and transmission of sensitive information is regularly audited by the EventNook full-time engineering team.
All web and mobile applications are primarily developed, tested, deployed, and maintained by a full-time, in-house engineering team.
Secure Data Tier Access
Firewall and IP restriction
Our frontend application connecting with backend customer data information are tightly restricted by Firewall and only admit the IP addresses used by administrators.
Encryption
EventNook uses strong encryption methods and key management procedures to ensure your sensitive information is protected.
All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and TLS while in transit through our systems.
EventNook's website and APIs are accessible via a 256-bit SSL certificate. Credit card information is never stored after transaction authorization.
Access to encryption keys is held by the smallest number of EventNook employees possible.
Incident Response
While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.
In case of a system alert, EventNook has 24x7 monitoring of its systems and alerts in place to notify the administrators.
Access Privileges & Roles
Access to data within your EventNook is governed by access rights, and can be configured to define granular access privileges. EventNook has various permission levels for users (owner, admin, manager, analyst, etc.) to manage events.
Employee Vetting
Background Checks & Confidentiality Agreements
EventNook performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes Criminal, Education, and Employment verification.
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.
Comprehensive policies ensuring trust, transparency, and compliance
Our Terms of Service define the legal agreement between users and EventNook, covering:
EventNook fosters a professional and inclusive environment through its Code of Conduct, promoting:
Violations may result in account suspension or legal action.
EventNook maintains strict ethical business practices and compliance with anti-bribery regulations.