Coronavirus (COVID-19) Update: As you know, we are an OSG company. OSG is hosting a COVID-19 Resource Center webpage on their website with corporate announcements and Frequently Asked Questions. By clicking this link you will be taken directly to the OSG COVID-19 Resource Center.
NBS views data security as a critical component to our business. We recognize the importance security plays within all organizations today, therefore we have made security a key element and focal point in the solutions we provide to our clients. NBS has made significant investments in our facilities, technologies and the people required to meet the strictest security standards. Providing data services to tightly regulated industries in the healthcare and financial markets has allowed NBS to become a market leader in the secure management of sensitive data.
We provide a secure building with security controls at every entry point. Once inside our facility, a security card access system controls which areas employees may or may not enter depending on their individual security clearance. Cameras are positioned throughout the facility monitoring activity from multiple viewpoints. All movement is monitored, recorded and retained using camera and security access recorders.
All business-critical servers operate from within our secured computer room. We utilize the latest technologies in gas fire suppression, redundant cooling systems, and temperature monitoring services. Electrical power is maintained with battery backup (UPS) Uninterruptible Power Systems. NBS owns and operates an onsite diesel generator system. The generator provides substantial electrical power, supporting our entire facility for an extended period in the event of a major power outage.
Telecommunication and internet services are delivered through multiple telecommunications providers and circuits. Our telecommunication providers feed multiple entry points at different ends of our facility. This design provides both flexibility and fault tolerance in our telecommunication capabilities. Our facility has been carefully architected to be both secure and fault tolerant.
NBS performs background checks on all new hires. Additionally, we perform drug testing and other background testing as required in special high security projects. Employees receive ongoing security awareness training as well as specialized security training in their respective work areas. NBS requires employees adhere to formal security policies and procedures which are documented and supported by NBS management.
Our computers and Microsoft active directory network are tightly managed and controlled. We employ our own IT staff, available 24x7 to manage and quickly respond to any issue that could arise. Some of the required security controls include: Hardened servers, Multi-tiered firewalls, DMZ configurations, IDS Intrusion Detection Systems, automatically updated Antivirus engines running at both the server and workstation. We work to provide the highest level of security and protection for all data residing on our systems.
Users have access only to data which they are responsible. Network and workstations require complex passwords to gain access. Passwords are routinely changed. NBS promotes using current software and new version updates once they have been tested and proven reliable. Utilizing the latest hardware and software technologies allows us to meet the strictest security measures.
We understand our business partners may sometimes require special security solutions to meet their specific needs. NBS supports all leading encryption protocols including government and NSA approved 256-bit AES, PGP, and Triple DES encryption. We support secure VPN, dedicated telecommunication circuits, and secure FTP protocols. In certain cases, we provide dedicated solutions to meet specific needs required by our customers.
Recognizing industry regulations such as the Gramm-Leach Bliley Act, the Sarbanes-Oxly Act, and the Health Insurance Portability and Accountability Act (HIPAA), we understand our client’s need for increased focus on internal controls and security. NBS is committed to providing solutions which meet our client's security requirements. As part of our commitment, NBS has met SSAE-16 control standards and obtained a SSAE SOC2 type II certification which confirms the requirements have been met. Additionally, NBS performs formal review and auditing of our company’s internal controls and security practices on an ongoing basis. Annually, we perform formal independent third-party security auditing of our security policies, procedures and network. Daily, we review, monitor and manage any critical alerts which occur. Our monitoring systems log and report any alert status immediately to our 24x7 IT staff. Several of our locations process customer’s payments. In these locations, we adhere to the PCI standards and have quarterly scans of our servers as part of the PCI program.
Continuous testing and monitoring practices allow us to demonstrate and report our ability to meet and exceed industry best practices. We are committed to providing our valued business partners with a secure data environment, meeting and exceeding their needs.
Disaster recovery (DR) is an area of significant importance to NBS. With multiple facilities throughout the United States, we have positioned NBS to continue our business operations in the event of a disaster. We perform a nightly backup of all production servers. Backup tapes are stored offsite at Iron Mountain in a secure, climate controlled, storage facility designed specifically for this purpose.
All business-critical production equipment and computer systems have been carefully designed with redundancy in place. We have redundant systems ready to take over in the event of a primary system failure. Redundant equipment provides NBS and our partners the highest level of fault tolerance possible. NBS also has been a leader in the use of virtual server technology. Virtual servers provide additional solutions where high availability is required.