DATA SECURITY AT NBS

Certified SSAE 16 Type IIOur Commitment: NBS views data security as a critical component to our business. We recognize the importance security plays within all organizations today, therefore we have made security a key element and focal point in the solutions we provide to our clients. NBS has made significant investments in our facilities, technologies and the people required to meet the strictest security standards. Providing data services to tightly regulated industries in the healthcare and financial markets has allowed NBS to become a market leader in the secure management of sensitive data.

Our Facilities: We provide a secure building with security controls at every entry point. Once inside our facility, a security card access system controls which areas employees may or may not enter depending on their individual security clearance. Infrared cameras are positioned throughout the facility monitoring activity from multiple viewpoints. All movement is monitored, recorded and retained using camera and security access recorders.

All business critical servers operate from within our secured computer room. We utilize the latest technologies in gas fire suppression, redundant cooling systems, and temperature monitoring services. Electrical power is maintained with battery backup (UPS) Uninterruptible Power Systems. NBS owns and operates an onsite diesel generator system. The generator provides substantial electrical power, supporting our entire facility for an extended period of time in the event of a major power outage.

Telecommunication and internet services are delivered through multiple telecommunications providers and circuits. Our telecommunication providers feed multiple entry points at different ends of our facility. This design provides both flexibility and fault tolerance in our telecommunication capabilities. Our facility has been carefully architected to be both secure and fault tolerant.

Our Employees: NBS performs background checks on all new hires. Additionally, we perform drug testing and other background testing as required in special high security projects. Employees receive ongoing security awareness training as well as specialized security training in their respective work areas. NBS requires employees adhere to formal security policies and procedures which are documented and supported by NBS management.

Our Technology: Our computers and Microsoft active directory network are tightly managed and controlled. We employ our own IT staff, available 24x7 to manage and quickly respond to any issue that could arise. Some of the required security controls include: Hardened servers, Multi tiered firewalls, DMZ configurations, IDS Intrusion Detection Systems, automatically updated Antivirus engines running at both the server and workstation. We work to provide the highest level of security and protection for all data residing on our systems.

Users have access only to data which they are responsible. Network and workstations require complex passwords to gain access. Passwords are routinely changed. NBS promotes using current software and new version updates once they have been tested and proven reliable. Utilizing the latest hardware and software technologies allows us to meet the strictest security measures.

We understand our business partners may sometimes require special security solutions to meet their specific needs. NBS supports all leading encryption protocols including government and NSA approved 256 bit AES, PGP, and Triple DES encryption. We support secure VPN, dedicated telecommunication circuits, and secure FTP protocols. In certain cases we provide dedicated solutions to meet specific needs required by our customers.

Recognizing industry regulations such as the Gramm-Leach Bliley Act, the Sarbanes-Oxly Act, and the Health Insurance Portability and Accountability Act (HIPAA), we understand our client’s need for increased focus on internal controls and security. NBS is committed to providing solutions which meet our client's security requirements. As part of our commitment, NBS has met SAS70 control standards and obtained a SAS70 type II certification which confirms the SAS70 Type II requirements have been met. Additionally, NBS performs formal review and auditing of our company’s internal controls and security practices on an on going basis. Annually, we perform formal independent third party security auditing of our security policies, procedures and network. Quarterly, we perform penetration testing. Daily, we review, monitor and manage any critical alerts which occur. Our monitoring systems log and report any alert status immediately to our 24x7 IT staff.

Continuous testing and monitoring practices allow us to demonstrate and report our ability to meet and exceed industry best practices. We are committed to providing our valued business partners with a secure data environment, meeting and exceeding their needs.

Disaster Recovery: Disaster recovery (DR) is an area of significant importance to NBS. With multiple facilities in Minnesota, Portland and Chicago we are positioned to continue our business operations in the event of a disaster. We perform a nightly backup of all production servers. Backup tapes are stored offsite at Iron Mountain in a secure, climate controlled, storage facility designed specifically for this purpose.

All business critical production equipment and computer systems have been carefully designed with redundancy in place. We have redundant systems ready to take over in the event of a primary system failure. Redundant equipment provides NBS and our partners the highest level of fault tolerance possible. NBS also has been a leader in the use of virtual server technology. Virtual servers provide additional solutions where high availability is required.

NBS has a formal disaster recovery partnership with SunGard Availability Services. SunGard, a national company who specializes in disaster recovery solutions was identified as a strategic solutions provider who would add value to our DR strategy. NBS manages and operates an NBS hot site from within a SunGard facility. SunGard provides additional safeguards and protective layers to our overall DR solution. With the many DR options we have in place, NBS can provide custom hot sites as well as other Disaster Recovery solutions specific to a clients needs. This is often seen as a cost effective solution for those clients who may be seeking their own disaster recovery solution.

Gramm-Leach Bliley Act

Also known as the 'Financial Services Modernization Act of 1999'.

Sarbanes-Oxly Act

Also known as the 'Public Company Accounting Reform and Investor Protection Act'.

HIPAA

Also known as the 'Health Insurance Portability and Accountability Act'.