Software Development Practices


Development Process

Narrative Science maintains documented Systems Development Life Cycle (SDLC) policies and procedures that govern the design and implementation of application and infrastructure changes. We use test-driven development (TDD), quality assurance (QA), and code review processes to maintain standards for product quality, security and user experience.


Change Management

Narrative Science documents and tracks new product capabilities and enhancements via user stories and automated tests. We use GitHub to maintain source code versions, track changes, and facilitate our mandatory code review process. All code is both peer-reviewed and reviewed by a code owner before it can be released.


Release Management

Narrative Science follows stringent, documented processes for deploying through various environments. No customer data is ever used in lower-level development environments. We have a separate process for emergency changes (security patches, etc.) to ensure that even during urgent updates we do not introduce unintended bugs that could affect performance, availability, or security.


A series of automated tests must be completed successfully before a release is promoted to production. Systems are built from an immutable Docker image that is used in a lower environment. If testing passes, that same immutable image is used in production systems.


All changes and associated approvals are ticketed, and connected documents are retained as proof that all of the proper procedures were followed. Business units approve each feature or initiative before it is developed and included in a release. Each code commit includes the issue tracking number that correlates with the approved work.


On a regular cadence, we run static code analysis scanning tools to ensure packages are up to date and issues are accounted for. This results in a dependency/vulnerability artifact that we document and store to ensure there are no regressions.



Account Security


Authentication

Lexio leverages Auth0 for identity management and user access logging. User account credentials are stored securely by Auth0. Credentials are never logged or stored in Lexio. Our authentication systems block brute force attacks and other suspicious activity.


Native Lexio passwords must contain lower-case and upper-case letters, numbers, and special characters; must be at least 8 characters long; must not be a dictionary word or simple pattern; and must not be included in the history of the last 5 passwords. If a form of SSO is being used, password policies will match those of your authentication provider.


2FA/MFA is available, as is single sign-on. Please work with your Narrative Science representative if you are interested in either of these options.


Authorization

Security is built into Lexio from the ground up. Each customer's data is stored in its own table and users must be authorized to see your account or the information it contains, ensuring that your data remains separate and protected.