Security & Privacy

NGC’s security and privacy best practices include the following and more:

• Build and Maintain a Secure Network – Network segmentation, intrusion detection system, firewalls
• Protect Customer Data – Limit customer data storage and retention, one-way salted hash passwords with multiple iterations of key derivation, browser CSP, strong cryptography, encrypt data in transit and at rest, key protection, proper key management
• Maintain a Vulnerability Management Program – End point detection and response, secure SDLC, change control processes, vulnerability patching program, security.txt
• Implement Strong Access Control Measures – Principle of least privelege, Multi Factor Authentication for device and remote access, 24x7 facility entry controls and surveillance monitoring
• Regularly Monitor and Test Networks – Monitor privileged access, audit trails and logging, internal and external vulnerability scans quarterly, and penetration tests
• Maintain an Information Security Policy – Including annual process for policy review and formally assessing risks once a year
• Incident Response – Plan, policy and annual tabletop practice
• Staff Security – Background checks
• Training – Formal security awareness program
• Business Continuity/Disaster Recovery Planning – Business impact analysis and annual tabletop exercise
• Privacy Program – Training employees about rights and obligations regarding collection, use, disclosure, and disposal of personal information