💻 Endpoint Configuration Standards
1. Purpose
This document defines endpoint security configuration standards for devices used to access Nemu Inc.’s systems and data.
2. Scope
Applies to:
- Company-managed laptops and workstations.
- Personally owned devices used for work (where permitted).
3. Baseline Security Requirements
Endpoints used for accessing internal or customer data should:
- Enable full-disk encryption (e.g., FileVault, BitLocker).
- Use strong authentication (password + device unlock methods).
- Have an up-to-date operating system with current security patches.
- Run anti-malware or endpoint protection software where appropriate.
- Auto-lock after a period of inactivity.
4. Configuration Standards
- Browsers are kept updated to current versions.
- Sensitive console access (Supabase, Render, Google Admin) is performed from trusted devices only.
- Access to local databases or logs containing Confidential data is restricted and removed when no longer needed.
5. Audit Evidence
- Device configuration documentation or MDM policies (if used).
- Screenshots verifying encryption and auto-lock settings.
- Records of OS patching and security tool usage.
6. Mobile & Endpoint Security
6.1. Mobile Device Management Program
Nemu Inc. maintains an endpoint security standard that requires all company-owned and approved BYOD devices to follow defined security configurations. These standards are documented, approved by management, and communicated to all relevant team members.
M.1.9 — Weekly Identification of Devices Without Anti-Virus
Yes. All endpoints must use built-in OS-native protections (macOS XProtect/Gatekeeper, Windows Defender) or approved alternatives. Devices are reviewed weekly to ensure anti-malware functionality is enabled and active.
M.1.19 — Monthly Application of High-Risk Security Patches
Yes. All company devices must apply security patches automatically. High-risk patches are verified at least monthly, and non‑compliant endpoints are not allowed to access Scoped Data systems.
M.1.24 — Controls Protecting Scoped Data on Portable Devices/Media
Yes. Scoped Data is protected using full‑disk encryption (FileVault or BitLocker), and portable media is not used for storing sensitive information. Local storage of Confidential data is removed when no longer required.
M.1.27 — Software Installation Restricted to Administrators
Yes. Installation of software on company-owned equipment is restricted to administrative users only. Unauthorized software installation is prohibited.
M.1.28 — Use of Virtual Desktop Infrastructure (VDI)
No — not required. Nemu does not use VDI because all Scoped Data access is protected through RLS‑secured Supabase databases, strong authentication, encrypted devices, and strict endpoint policies.
M.1.30 — Use of MDM Technology for Company-Owned or BYOD Devices
Partially. Nemu enforces MDM‑equivalent controls through documented device configuration standards, periodic verification, and access restrictions. A full MDM suite may be adopted as the team scales.
7. Compliance Mapping
- SOC 2: CC6.6
- ISO 27001:2013: A.11.2.1, A.11.2.8
Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.