Security & Compliance by Design

Security is at the core of what we do. Narmi understands our platform handles sensitive data 24/7/365 and we have a responsibility to our customers and their end-users to keep this data safe.

Request a demo to learn more:

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Narmi's cloud-native infrastructure provides a highly available, scalable, and secure solution for  financial institutions of all sizes. Narmi seamlessly integrates with core banking systems via secure and redundant connections.

"Being digital-first comes with a great deal of responsibility. Uptime percentages must be met. Systems must be reliable and architectured robustly and securely. Downtime is not acceptable. New releases must be frequent yet bug-free. I'm happy to say Narmi delivers on all of this and more."

Tim Greim
SVP/Chief Information Officer, Freedom Credit Union
Freedom CU Case Study

Single Tenant Architecture & Deployments

Narmi leverages a combination of single-tenant environments and automated deployment tools ensuring customers enjoy maximum success with our Platform. Customers can scale independently and maintain data integrity via siloed databases. Deploys are done quickly and independently of our other customers - keeping financial institutions in charge of their digital banking platforms at all times.

Zero downtime deployments allow for more regular releases
Configuration changes often require no intervention from Narmi
Siloed databases for each financial institution

Secure & Optimized Hosting with Amazon Web Services (AWS)

Narmi uses Amazon Web Services (AWS) as its hosting provider. In addition to numerous security, compliance and architectural benefits, Narmi’s relationship with AWS maximizes our platform’s integrity to ensure the highest levels of customer satisfaction.

Redundant data storage across multiple zones
Automatic failover capabilities
Advanced DDoS protection

Singular, Underlying Narmi Abstraction Layer

The ability to integrate with industry-leading core banking systems is a defining feature of our offering. No two core banking system API interfaces are the same, but Narmi abstracts the nuances of each system into a single, consistent API. This allows us to write platform code on top of any core banking system, ensuring all of our customers benefit from the features and products we build irrespective of their systems.

Empowers Narmi to easily work with any core banking system
Bug fixes can be rapidly deployed
Allows others to use the Narmi API (FinTechs, developers, financial institutions, etc.)
Interested in the Narmi API?
Learn more here

24/7/365 Monitoring & Support

Financial institutions expect constant monitoring of any digital banking platform. Narmi uses a combination of best-in-class monitoring tools such as Elasticsearch, Sentry and CloudWatch to ensure our customers achieve the highest level of uptime. Logs, process metrics, and system data are all available via centralized tools to allow for maximum utility and visibility.

Constant uptime and downtime monitoring
Guaranteed SLAs
Proactive response to security incidents (e.g. DDoS attacks)

Additional Security Features

Application Security

Security scanning as part of code merge processes
Enforced modern TLS versions to protect against man-in-the-middle attacks
Clickjacking protection via appropriate HTTP headers

Change Management

Robust onboarding and offboarding policies for Narmi employees
Use of internal staging environments, customer-specific testing environments and production environment
Dual-review process required on every code change
Granular permissioning to control individual authorization and authentication by code repository

Privacy & Confidentiality

Classification system enforces various levels of sensitivity for different types of data
Various instances of data encryption through the Narmi Platform
Monitoring of physical devices issued to company employees

Third-Party Due Diligence

All third-parties reviewed at least annually
All connections and data in transit between the Narmi Platform and third-parties are encrypted
SLAs negotiated with key third-parties

Compliance Certification

Every production environment meets the most stringent security and compliance standards, including an annual SOC 2 assessment conducted by an independent auditing firm.

From GLBA data-sharing restrictions to FFIEC Authentication requirements, we speak the same language as your compliance officers.

Interested?

Request a demo to learn more:

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.