Security

This page describes our approach to:

• running a secure service

• storing and processing your data

• protecting data in transit

• protecting data at rest

• building and managing Notify

• finding and fixing security issues

• security incidents

• sign in and API access

• protecting our website and API

• email security

• security classifications

• GOV.UK Notify staff

• suppliers

Running a secure service

NotifyNL

• follows the principles of the Open Standaard for the Dutch government

• is currently under review by Logius to become the de-facto Notification platform for the Dutch government

We regularly assess and review our security in line with:

• the OWASP guidelines en

• de NIS2-richtlijn for cybersecurity standards

We monitor the threat landscape and conduct regular penetration testing so we can:

• continue to improve our security

• deal with common threats like Distributed Denial of Service (DDoS) attacks

Storing and processing your data

NotiyNL currently uses Amazon Web Services (AWS) as our cloud service provider.

Data on Notify is stored and processed in:

• AWS data centres in the EU

• locations where our sub-processors store and process data (EU only)

How long we keep your data

NotifyNL keeps a temporary record of:

• the content of the emails, text messages and letters you send

• recipient email addresses, mobile numbers and addresses

By default, we keep this data for 7 days.

Once your service is live, you can choose the number of days you want Notify to keep details of the messages you send.

For more information, see data retention period.

Who can access your data

Your data could be accessed by:

• the Notify team

• law enforcement agencies (where legally required)

Teams using NotifyNL can only access their own data.

You can set different permissions for each member of your team.

AWS provides logical separation between different AWS customers.

How text messages are stored and processed

Text messages are stored and processed in:

• the European Union only

• the country where the recipient’s phone is

• the phone’s country of origin (for international numbers)

Protecting data in transit

NotifyNL uses Transport Layer Security (TLS) version 1.2 to encrypt data when:

• users access the Notify website or API

• data passes through Notify

• we exchange data with our sub-processors

Emails

We always try to encrypt emails using TLS 1.2, 1.1 or 1.0. If the recipient’s mail server does not support TLS, we will send the email without protection.

Email cannot provide end-to-end encryption.

Text messages

Text messages cannot provide end-to-end encryption.

Protecting data at rest

NotifyNL encrypts the data stored in our databases and backups using AES-256 encryption.

This includes any files that you upload to Notify when you:

• send a batch of messages

• attach pages to a letter template

• upload a letter

Sending files by email

When you upload a file we encrypt it with AWS SSE-C, which uses AES-256 encryption.

We will only share the unique link with the intended recipient. We cannot access or decrypt your file.

For more information about this feature, see send files by email.

Building and managing GOV.UK Notify

We follow an Agile software development lifecycle.

To protect our code, we:

• run separate development, testing and production environments

• deploy code through a continuous integration/continuous delivery (CI/CD) pipeline

• track vulnerabilities for any third-party libraries we use

• store production secrets in a secure environment with audited access

How we manage code changes

To manage NotifyNL we use:

• firewall based VPN access to live services

• multi-factor authentication (MFA)

We manage Notify through the admin.notifyNL.nl website.

AWS manages the hardware we use.

We use infrastructure as code (IaC) to manage the systems and services that host Notify.

All code changes must be reviewed by the team before we can deploy them.

We monitor our production environment for unauthorised changes.

Finding and fixing security issues

NotifyNL

• follows development principes based on the Dutch Government's secure development principles

• tracks third-party dependencies in our code base

• monitors our logs for attacks, misuse and malfunctions

Security incidents

If there is a data loss event, we will contact you directly.

Sign in and API access

Signing in to Notify

NotifyNL uses two-factor authentication for sign-in.

Team members can sign in with a text message code or a link that’s sent in an email.

For security, you’ll need to confirm that you still have access to your email address every 3 months.

Find out more about our sign-in methods.

You must keep to our terms of use for signing in to Notify.

Accessing the NotifyNL API

Services access the NotifyNL API with an API key, encoded using JSON Web Tokens.

For more information, see our API documentation.

Protecting our website and API

The NotifyNL website, API and any files sent by email are protected by:

• AWS Web Application Firewall (WAF)

• AWS Shield Advanced

• rate limiting

We use publicly-verifiable digital certificates, so you’ll always know you’ve connected to the real NotifyNL.

Email security

To help recipient’s email services tell the difference between our emails and spam, we use:

• Domain-based Message Authentication, Reporting and Conformance (DMARC)

• DomainKeys Identified Mail (DKIM)

• Sender Policy Framework (SPF)

NotifyNL staff

We restrict the number of people that can access your data on GOV.UK Notify.

We follow the principle of least privilege. This means we give our team members the lowest level of permissions needed to do their job.

We only give additional access to NotifyNL production environment to privileged users:

• by exception

• on a temporary basis

• in relation to a specific change request or support ticket

Suppliers

NotifyNL uses third-party providers to send emails, text messages and letters.

Suppliers sign a contract or memorandum of understanding that includes our security requirements.