
SC.03 — Data Protection

System: AI Connectors Platform
Last updated: 2026-04-29

This document describes how the AI Connectors platform fulfils the SC.03 control category.


Control Attestation Table

| Control | Description | Status | Evidence |
|---|---|---|---|
| CTRL0537482 — SC.03.01 | Protect information using defined controls (encryption in transit, TLS 1.2+, cryptographic algorithms per industry standards) | Compliant | All data paths use HTTPS with TLS 1.2+ minimum at external boundaries; internal VPC traffic is over private subnets with no internet exposure. See data-storage-encryption.md section 2 for full TLS policy table. |
| CTRL0537516 — SC.03.02 | Protect information at rest (encryption at rest, controlled access, data lifecycle planning, approved cryptographic algorithms) | Compliant | All persistent data stores (DynamoDB, S3, SSM) are encrypted at rest using AWS-managed KMS keys. Graph API response content is never persisted (in-memory only). Retention policies are defined for all stored data. See data-storage-encryption.md sections 3 and 4. |
| CTRL0537494 — SC.03.03 | Disposing of data-carrying media (data deletion, secure destruction) | Compliant | Platform has no physical media ownership — all data storage is cloud-native (ECS Fargate ephemeral, S3, DynamoDB). Data is automatically deleted via DynamoDB TTL and S3 lifecycle policies. See data-storage-encryption.md section 4 and privacy-gdpr.md section 2 for retention and deletion methods. |
| CTRL0537531 — SC.03.04 | Address the need for additional data protection (regulatory requirements) | Compliant | GDPR requirements documented in privacy-gdpr.md. Data Processing Addenda with AWS and Microsoft in place. Sensitivity label filtering applied for SharePoint and Outlook MCPs. See data-storage-encryption.md section 6 for regulatory considerations. |
| CTRL0537485 — SC.03.05 | Data Loss Prevention (DLP) — detect and prevent unauthorised disclosure of confidential data | Compliant — compensating controls | AI Connectors is a stateless proxy — no confidential data is stored by the platform. DLP is implemented through sensitivity-label-based content filtering (SharePoint allowlist, Outlook denylist), Azure AD OBO token scoping, and in-memory-only Graph API processing. See access-management.md §8 and data-storage-encryption.md §4. |
| CTRL0537502 — SC.03.07 | Store secrets such as private keys securely (key vault, strict access controls, secret rotation) | Compliant | All Azure AD client secrets stored in AWS SSM Parameter Store as SecureString (KMS-encrypted). Secrets are never in code, container images, or logs. Access is restricted to ECS task IAM roles. See data-storage-encryption.md section 3 for storage details; iam-rbac.md for IAM least-privilege policy. |

Security Controls Reference

CTRL0537482 — SC.03.01: Protect information using defined controls

Control Text: Protect information by using data protection tools and techniques, such as encryption, when transmitted over open lines (including lines shared with other companies). Use cryptographic algorithms according to industry standards and best practices.

Applicability: Basic IT Security Requirement.

Additional Description

When sending or receiving data:

  • Always encrypt over open lines.
  • For strictly confidential data, always encrypt.
  • All NN data shared over any network (including CORP and closed lines) should be encrypted.

IT solutions must protect data in accordance with its classification as defined in "Protecting and Handling Information" (Q190751).

Encryption in transit:

  • Use TLS for data transmission. Default to TLS 1.3 (with TLS 1.2 as fallback); disable all other protocols.
  • Follow GIS recommendations on the "TLS Guidelines for Novo Nordisk" page.
  • When transmitting over the internet, use only HTTPS, SFTP, or SSH.

Protecting PII: Consider data masking, pseudonymization, or anonymization techniques to hide sensitive data such as PII. When using these techniques, verify that data has been adequately protected. Refer to the NIST guidance on De-Identification of Personal Information and the Information Classification and Protection toolbox.

For guidelines on approved algorithms and key sizes, refer to "Guideline for Use of Cryptography in Novo Nordisk".

Detailed Description

The platform enforces encryption-in-transit across all external boundaries using HTTPS with TLS 1.2 as the minimum protocol version and TLS 1.3 as the preferred version. All client communication terminates at an AWS Application Load Balancer configured with ACM-managed wildcard certificates that auto-renew before expiry. Platform-to-external-service communication to Azure AD and Microsoft Graph uses HTTPS with TLS 1.2 or higher, enforced by Microsoft's infrastructure. Internal AWS service communication flows over HTTPS via VPC endpoints. The single exception is ALB-to-ECS traffic within the VPC, which uses HTTP/80 within private subnets with no internet gateway, accepted because the VPC provides network-layer isolation and all external boundaries remain encrypted.
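The two halves of the transit policy above (a TLS 1.2 floor on the platform's own outbound calls, and an external ALB that only terminates TLS 1.2+ and never forwards plaintext) can be checked in code. The following is an added example, not code from the AI Connectors project: the client context is standard library `ssl`, and the listener audit runs over constructed dictionaries shaped like the `Port`/`Protocol`/`SslPolicy`/`DefaultActions` fields of an elbv2 DescribeListeners response. The set of approved ALB policy names is an assumption (both names are real AWS policies, but which one the platform uses is not stated here).

```python
import ssl
from typing import Iterable, List

# Assumed allowlist of ALB listener TLS policies that enforce a TLS 1.2 floor.
# Both names are real AWS ELB security policies; the platform's actual choice
# is documented elsewhere (data-storage-encryption.md), not on this page.
APPROVED_ALB_TLS_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",  # TLS 1.3 preferred, TLS 1.2 fallback
    "ELBSecurityPolicy-TLS-1-2-2017-01",    # TLS 1.2 only
}


def build_outbound_tls_context() -> ssl.SSLContext:
    """Client-side context for platform-to-Azure AD / Graph calls.

    create_default_context() already enables certificate verification and
    hostname checking; pinning minimum_version adds the TLS 1.2 floor, and
    TLS 1.3 is negotiated whenever the peer and OpenSSL build support it.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_compliant(ctx: ssl.SSLContext) -> bool:
    """True when the context refuses TLS < 1.2 and verifies the peer certificate."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
    )


def audit_listeners(listeners: Iterable[dict]) -> List[str]:
    """Check external ALB listener definitions against the transit policy.

    Returns one finding string per violation; an empty list means compliant.
    """
    findings: List[str] = []
    for listener in listeners:
        port, proto = listener["Port"], listener["Protocol"]
        if proto == "HTTPS":
            policy = listener.get("SslPolicy")
            if policy not in APPROVED_ALB_TLS_POLICIES:
                findings.append(f"port {port}: SslPolicy {policy!r} does not enforce TLS 1.2+")
        elif proto == "HTTP":
            # A plaintext listener at the external boundary may exist only to redirect to HTTPS.
            actions = listener.get("DefaultActions", [])
            if not actions or any(a.get("Type") != "redirect" for a in actions):
                findings.append(f"port {port}: plaintext HTTP listener must only redirect to HTTPS")
        else:
            findings.append(f"port {port}: unexpected listener protocol {proto!r}")
    return findings


# Constructed listener configurations for illustration (not the platform's real ALB).
COMPLIANT_LISTENERS = [
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "DefaultActions": [{"Type": "forward"}]},
    {"Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect",
                         "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
]
NONCOMPLIANT_LISTENERS = [
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08",  # still permits TLS 1.0/1.1
     "DefaultActions": [{"Type": "forward"}]},
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [{"Type": "forward"}]},     # plaintext to targets
]

if __name__ == "__main__":
    print("outbound client context compliant:", context_is_compliant(build_outbound_tls_context()))
    for finding in audit_listeners(NONCOMPLIANT_LISTENERS):
        print("finding:", finding)
```

The audit deliberately covers only listeners at the external boundary; the ALB-to-ECS hop on HTTP/80 inside the private subnets, the accepted exception described above, is a target-group setting rather than a listener and is not in scope of this check.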

Implementation Considerations


CTRL0537516 — SC.03.02: Protect information at rest

Control Text: Protect information at rest by using data protection mechanisms, such as encryption, masking, or storage area restriction policies. Consider data lifecycle planning including deletion policies and data redundancy in multiple geographical locations. Use cryptographic algorithms according to industry standards and best practices.

Applicability: Basic IT Security Requirement.

Additional Description

Data at rest must be stored using protective measures in accordance with its classification as defined in "Protecting and Handling Information" (Q190751).

Confidential and Strictly Confidential data must be:

  • Stored on drives or databases with controlled access and permissions.
  • Encrypted at rest using industry best practices. Consult "Guideline for Use of Cryptography in Novo Nordisk" for approved algorithms and key sizes.
  • Destroyed in a way that ensures it cannot be restored.
  • Subject to additional procedures for external access (see Q190751).

Apply protection at multiple layers: Avoid excessive trust in the IT service provider's ability to protect data at all times. Ensure a sufficiently layered security model is implemented. For example, lack of database encryption can expose data to application supporters, DBAs, OS administrators, storage administrators, and backup administrators. Assess where and how to implement encryption as part of the IT solution architecture review.

End-user considerations: The solution manager should evaluate whether specific end-user guidance is needed (e.g. acceptable use policies), such as informing users they are not allowed to email information extracted from the system.

Consult the Cryptography Toolbox for further recommendations on using encryption in Novo Nordisk.

Detailed Description

The platform protects all persistent data at rest using AWS-managed KMS encryption. Every data store containing Confidential or Strictly Confidential information is encrypted using AWS Key Management Service managed keys, implementing defense-in-depth by layering access controls with cryptographic controls. DynamoDB tables for OAuth tokens use the AWS-managed KMS key, SSM Parameter Store secrets are stored as KMS-encrypted SecureStrings, and S3 buckets use SSE-S3 (AES-256) encryption. Most critically, Microsoft Graph API response content is never persisted by the platform — all Graph API data is processed in-memory within the ECS container, returned to the caller, and discarded when the request completes, eliminating the largest category of data-at-rest risk.

Implementation Considerations


CTRL0537494 — SC.03.03: Disposing of data-carrying media

Control Text: When disposing of data-carrying media (for instance disks and USB drives) ensure that data is deleted and cannot be restored. If deletion of data is not possible, destroy the data media.

Applicability: Basic IT Security Requirement.

Additional Description

Equipment containing strictly confidential or confidential data on non-encrypted media must be physically destroyed. Full re-encryption of encrypted media is considered equivalent to destruction.

  • Follow NIST SP 800-88 or other recognised information deletion methods for other geographical areas.
  • For Novo Nordisk-managed hardware, refer to the Secure Computer Disposal page. In Denmark, equipment can be dropped off at the IT Recycling Centre, which ensures correct data disposal.

Detailed Description

The platform has no physical media ownership or persistent local storage, eliminating traditional media disposal risks. The architecture is 100% cloud-native, relying exclusively on AWS managed services and Microsoft 365 cloud storage, with physical media owned and managed by AWS and Microsoft under SOC 2 and ISO 27001 certifications. Data disposal obligations are limited to logical deletion within cloud services through automated lifecycle policies. ECS Fargate provides ephemeral compute with no persistent filesystem, DynamoDB implements automatic TTL deletion for OAuth tokens, and S3 lifecycle policies permanently delete audit logs after 365 days. Microsoft Graph API responses are processed in-memory only and never persisted, requiring no disposal procedure.
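Both SC.03.02 and SC.03.03 above lean on DynamoDB TTL to delete OAuth tokens automatically. The example below is added here and is not the platform's own token store; the table key schema (`pk` = `<mcp>#<user>`) and the TTL attribute name `expires_at` are assumptions, and the in-memory table is a constructed stand-in for a boto3 `Table` resource so the code runs offline. It shows the two things practitioners most often get wrong with TTL: the attribute must hold epoch seconds as a Number, and because TTL deletion is a background sweep rather than an immediate delete, the read path has to enforce expiry itself.

```python
import time
from typing import Dict, Optional

# Assumed attribute name. DynamoDB TTL must be enabled on exactly this attribute
# and the value must be Unix epoch SECONDS as a Number; milliseconds or ISO-8601
# strings are silently ignored by TTL and such items never expire.
TTL_ATTRIBUTE = "expires_at"


class InMemoryTable:
    """Offline stand-in for a boto3 DynamoDB Table resource (constructed for this
    example); it mimics the keyword-argument put_item / get_item interface."""

    def __init__(self) -> None:
        self.items: Dict[str, dict] = {}

    def put_item(self, Item: dict) -> None:
        self.items[Item["pk"]] = dict(Item)

    def get_item(self, Key: dict) -> dict:
        item = self.items.get(Key["pk"])
        return {"Item": dict(item)} if item else {}


def _key(mcp: str, user_id: str) -> str:
    return f"{mcp}#{user_id}"


def store_token(table, mcp: str, user_id: str, access_token: str,
                expires_in: int, now: Optional[int] = None) -> dict:
    """Persist an OBO token with a TTL equal to its own lifetime, so the table
    never retains a token beyond the point at which Azure AD considers it valid."""
    now = int(time.time()) if now is None else int(now)
    item = {
        "pk": _key(mcp, user_id),
        "access_token": access_token,
        TTL_ATTRIBUTE: now + int(expires_in),  # Number, epoch seconds
    }
    table.put_item(Item=item)
    return item


def get_token(table, mcp: str, user_id: str, now: Optional[int] = None) -> Optional[str]:
    """Read path enforces expiry itself: DynamoDB TTL deletion is eventual, so an
    expired item can still be present for a while after its expires_at passes.
    Presence of the item must therefore never be taken as proof of validity."""
    now = int(time.time()) if now is None else int(now)
    item = table.get_item(Key={"pk": _key(mcp, user_id)}).get("Item")
    if item is None or int(item[TTL_ATTRIBUTE]) <= now:
        return None
    return item["access_token"]


if __name__ == "__main__":
    table = InMemoryTable()
    t0 = 1_700_000_000  # constructed "now" in epoch seconds
    store_token(table, "sharepoint", "user@example.test", "constructed-token", expires_in=3600, now=t0)
    print("inside lifetime :", get_token(table, "sharepoint", "user@example.test", now=t0 + 10))
    print("after lifetime  :", get_token(table, "sharepoint", "user@example.test", now=t0 + 3600))
```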

Implementation Considerations


CTRL0537531 — SC.03.04: Address the need for additional data protection

Control Text: Address the need for additional IT security controls due to IT System specific regulatory requirements and add those to the IT security control requirements.

Applicability: The supported business process is subject to other regulatory requirements.

Additional Description

IT solutions may be subject to additional requirements not covered by the IT Risk Assessment tool. These could include local regulatory requirements (e.g. GDPR, HIPAA) or controls related to the specific business process area the IT solution supports.

The IT Risk Assessment tool has a built-in section specifically dedicated to documenting these additional requirements or controls.

Detailed Description

The platform is subject to GDPR as it processes personal data of EU-based Novo Nordisk employees, implementing privacy-by-design principles through minimal data collection, limited retention, and technical controls. Data Processing Addenda are in place with AWS, Microsoft, and Snyk, with all platform-owned data residing in the eu-central-1 region and no cross-border transfers outside EU/EEA. The platform implements sensitivity label filtering for SharePoint and Outlook MCPs, redacting content above the configured threshold and returning only metadata. Privacy-by-design is embedded through in-memory-only Graph API processing, TTL-based token deletion, minimal audit log PII, and support for GDPR data subject rights via audit log query and deletion procedures.

Implementation Considerations


CTRL0537485 — SC.03.05: Data Loss Prevention (DLP)

Control Text: If relevant and possible, implement Data Loss Prevention (DLP).

Applicability: Confidential, Strictly Confidential or personal data is stored, processed or transferred. Critical or Major impact of Confidentiality breach.

Additional Description

The purpose of DLP is to detect and prevent the unauthorised disclosure and extraction of information by individuals or systems. DLP typically covers:

  • Securing data in transit — encryption and access controls on data leaving the system (see SC.03.01)
  • Securing data at rest — encryption and lifecycle management for stored data (see SC.03.02)
  • Destroying data — secure deletion at end of retention period (see SC.03.03)
  • User education — communicating to users that confidential data must not be shared with third parties without approval

For Strictly Confidential information, DLP controls are mandatory. For Confidential information, the decision is based on gross impact and likelihood in the risk assessment.

Detailed Description

AI Connectors is a stateless proxy — all Graph API responses are processed in-memory and discarded immediately, so no confidential or personal data is stored by the platform. Sensitivity-label-based content filtering acts as the primary DLP control: the SharePoint MCP enforces an allowlist of permitted labels, and the Outlook MCP enforces a denylist of blocked Strictly Confidential label GUIDs, with body content redacted and only metadata returned when a label is blocked. Access is further constrained by the Azure AD OBO flow, which ensures users can only retrieve data they are themselves authorised to see in the underlying system. Client-side copy/paste controls are out of scope for the platform and are the responsibility of the NN endpoint DLP tooling.
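The allowlist-versus-denylist distinction described above is the part of this control most worth seeing in code, because the two filters fail in opposite directions. The example below is added here and is not the platform's own filter: the label GUIDs are constructed, the field name `sensitivityLabelId` is an assumption about where the upstream label is surfaced, the set of fields treated as "content" is an assumption, and the choice to fail closed on unlabeled SharePoint items is also an assumption (the page does not say how unlabeled content is handled).

```python
from typing import Callable, Iterable, List, Optional, Set

# Assumed name of the response field carrying the sensitivity label GUID.
LABEL_FIELD = "sensitivityLabelId"

# Constructed label GUIDs for illustration; the platform's real label IDs are not on this page.
SHAREPOINT_ALLOWED_LABELS: Set[str] = {
    "0a0a0a0a-0000-4000-8000-000000000001",  # e.g. "Internal"
    "0a0a0a0a-0000-4000-8000-000000000002",  # e.g. "Confidential"
}
OUTLOOK_BLOCKED_LABELS: Set[str] = {
    "0b0b0b0b-0000-4000-8000-000000000009",  # e.g. "Strictly Confidential"
}

# Fields treated as content (stripped on redaction); everything else is metadata.
CONTENT_FIELDS = ("body", "bodyPreview", "content", "attachments")


def _normalise(label: Optional[str]) -> Optional[str]:
    # GUIDs can arrive in mixed case; compare case-insensitively so a capitalised
    # GUID cannot slip past a lowercase allow- or denylist.
    return label.lower() if isinstance(label, str) else None


def redact(item: dict, reason: str) -> dict:
    """Return only the metadata fields plus an explicit redaction marker."""
    kept = {k: v for k, v in item.items() if k not in CONTENT_FIELDS}
    kept["contentRedacted"] = True
    kept["redactionReason"] = reason
    return kept


def filter_sharepoint_item(item: dict, allowed: Set[str] = SHAREPOINT_ALLOWED_LABELS) -> dict:
    """Allowlist semantics: only explicitly permitted labels pass. An unlabeled
    item fails closed (assumption; the page does not state the unlabeled case)."""
    label = _normalise(item.get(LABEL_FIELD))
    if label is None or label not in allowed:
        return redact(item, "label not on SharePoint allowlist")
    return item


def filter_outlook_message(msg: dict, blocked: Set[str] = OUTLOOK_BLOCKED_LABELS) -> dict:
    """Denylist semantics: only the listed Strictly Confidential labels are
    blocked; unlabeled mail and other labels pass through unchanged."""
    label = _normalise(msg.get(LABEL_FIELD))
    if label in blocked:
        return redact(msg, "label on Outlook denylist")
    return msg


def apply_filter(items: Iterable[dict], policy: Callable[[dict], dict]) -> List[dict]:
    return [policy(i) for i in items]


# Constructed sample responses, loosely shaped like Graph driveItem / message objects.
SAMPLE_SHAREPOINT = [
    {"id": "doc-1", "name": "roadmap.docx",
     LABEL_FIELD: "0A0A0A0A-0000-4000-8000-000000000002",  # upper-case variant of an allowed GUID
     "content": "Q3 launch plan ..."},
    {"id": "doc-2", "name": "unlabeled.xlsx", "content": "raw export ..."},
]
SAMPLE_OUTLOOK = [
    {"id": "msg-1", "subject": "Lunch?", "body": "Noon at the canteen?"},
    {"id": "msg-2", "subject": "Trial results",
     LABEL_FIELD: "0b0b0b0b-0000-4000-8000-000000000009",
     "bodyPreview": "Preliminary ...", "body": "<html>...</html>", "attachments": ["results.pdf"]},
]

if __name__ == "__main__":
    for out in apply_filter(SAMPLE_SHAREPOINT, filter_sharepoint_item):
        print("sharepoint:", out)
    for out in apply_filter(SAMPLE_OUTLOOK, filter_outlook_message):
        print("outlook   :", out)
```

Note the asymmetry: adding a new label to the tenant leaves SharePoint results redacted until the allowlist is updated, whereas for Outlook a new Strictly Confidential label passes through until the denylist is updated, so denylist maintenance needs to be part of the label lifecycle process.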

Implementation Considerations


CTRL0537502 — SC.03.07: Store secrets such as private keys securely

Control Text: Store secrets such as private keys, sensitive configuration data, API keys, and cryptographic materials in a secure location with strict access controls, such as a secure key vault, a cloud-based secrets manager, or a hardware security module (HSM). Implement mechanisms to rotate secrets at defined intervals or upon certain triggers.

Applicability: Basic IT Security Requirement.

Additional Description

The secure storage and management of secrets is a critical aspect of IT security. Key principles:

  • Use a secure location with strict access controls. Approved solutions include the Novo Nordisk Privileged Identity Management (PIM) solution and native cloud services such as AWS Secrets Manager or Azure Key Vault.
  • Adhere to industry standards for cryptographic key lifecycle management. Consult the "Guideline for Use of Cryptography in Novo Nordisk" for approved algorithms and key sizes.
  • Automate the creation, distribution, rotation, and revocation of keys and secrets to the extent possible.
  • Validate the proper usage of certificates regularly. Automate renewal well before expiry to avoid service disruptions. The Novo Nordisk PKI supports this.
  • Alert on upcoming certificate expirations and automate the purging of expired certificates.
  • Ensure new certificates are validated and deployed seamlessly without manual intervention.

This control applies to both on-premise and cloud environments and is technology-neutral.

Detailed Description

The platform stores all cryptographic secrets exclusively in AWS Systems Manager Parameter Store using the SecureString type, which mandates KMS encryption at rest. Secrets are never embedded in source code, container images, logs, or configuration files — only SSM ARNs are referenced. Secrets are generated and managed exclusively via Terraform, with values never displayed, logged, or stored in Terraform state. IAM least-privilege policies scope each ECS task execution role to access only its own SSM parameters, preventing cross-MCP secret access. Secret rotation is performed every 24 months via Terraform automation, requiring no manual intervention or ServiceNow tickets.
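Two of the properties claimed above, "SecureString only" and "never in logs", are things the consuming code can enforce rather than merely assume. The example below is added here and is not the platform's own secret-loading code: it reads a parameter with the real boto3 call `get_parameter(Name=..., WithDecryption=True)`, refuses anything whose `Type` is not `SecureString`, and wraps the value so that printing or logging it yields a placeholder. The `FakeSSM` client and the parameter names under `/example/` are constructed so the example runs offline.

```python
from typing import Dict


class SecretNotSecure(RuntimeError):
    """Raised when a parameter expected to be a SecureString is stored otherwise."""


class Secret:
    """Holds a secret value but renders as a placeholder in repr/str/f-strings,
    so an accidental log line or exception message cannot leak it."""

    __slots__ = ("_value", "name", "version")

    def __init__(self, value: str, name: str, version: int) -> None:
        self._value = value
        self.name = name
        self.version = version

    def reveal(self) -> str:
        # The only deliberate way to read the value, e.g. when building the
        # Azure AD token request body.
        return self._value

    def __repr__(self) -> str:
        return f"Secret(name={self.name!r}, version={self.version}, value='***')"

    __str__ = __repr__


def load_secret(ssm_client, parameter_name: str) -> Secret:
    """Fetch one SecureString via SSM GetParameter with KMS decryption.

    Fails closed if the parameter is not a SecureString, so a secret that was
    accidentally (re)created as a plain String is rejected rather than used.
    The calling ECS task role needs ssm:GetParameter on this parameter only.
    """
    resp = ssm_client.get_parameter(Name=parameter_name, WithDecryption=True)
    param = resp["Parameter"]
    if param.get("Type") != "SecureString":
        raise SecretNotSecure(
            f"{parameter_name} has type {param.get('Type')!r}; expected SecureString"
        )
    return Secret(param["Value"], name=param["Name"], version=int(param.get("Version", 0)))


class FakeSSM:
    """Offline stand-in for boto3.client('ssm') (constructed for this example).
    Mirrors the real service in one respect: a SecureString read without
    WithDecryption returns the KMS ciphertext, not the plaintext."""

    def __init__(self, params: Dict[str, dict]) -> None:
        self._params = params

    def get_parameter(self, Name: str, WithDecryption: bool = False) -> dict:
        p = self._params[Name]
        value = p["Value"]
        if p["Type"] == "SecureString" and not WithDecryption:
            value = "AQICAHg...(KMS ciphertext placeholder)"
        return {"Parameter": {"Name": Name, "Type": p["Type"],
                              "Value": value, "Version": p.get("Version", 1)}}


# Constructed parameter names and values; not the platform's real paths or secrets.
FAKE_STORE = FakeSSM({
    "/example/mcp-sharepoint/azure-client-secret": {
        "Type": "SecureString", "Value": "example-client-secret-value", "Version": 3},
    "/example/mcp-outlook/feature-flag": {"Type": "String", "Value": "enabled"},
})

if __name__ == "__main__":
    secret = load_secret(FAKE_STORE, "/example/mcp-sharepoint/azure-client-secret")
    print("loaded:", secret)            # placeholder only, never the value
    try:
        load_secret(FAKE_STORE, "/example/mcp-outlook/feature-flag")
    except SecretNotSecure as exc:
        print("rejected:", exc)
```

The `Secret` wrapper is deliberately the only object that crosses function boundaries; the raw string exists just long enough to be placed in the outbound token request, which keeps the "never in logs" property from depending on every log statement being written carefully.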

Implementation Considerations