SAS 70, Type II Information
As vendor to 24 of the nation’s 50 largest financial institutions, NCP is subject to extensive data security requirements. Many of these organizations routinely require periodic security audits under which expert security engineers conduct personal on-site inspections of NCP’s physical, technical and procedural security systems and controls. NCP meets the strictest of these audit standards.
To credibly assure our clients they can use our services with confidence and to simplify their compliance with legal and audit requirements, NCP has completed a SAS 70 Type II examination and received an unqualified opinion. The examination, conducted by Ernst & Young LLP, addresses NCP’s Birmingham and Jacksonville facilities and has been renewed annually since 2004. > more about SAS 70
The Type II form of SAS 70 examination is the most stringent form, and includes rigorous tests by an independent auditor of specified controls in order to provide a measure of assurance that related control objectives were achieved. The specific control objectives to be examined were defined by NCP and the auditors to include matters clients consider most valuable.
NCP maintains policies and procedures governing
information security that address the following areas, among others:
- Account Management/Access
- Audit
- Backup
- Change Management
- Disaster Recovery
- Encryption
- Fault Tolerance
- Intrusion Detection and Response/Firewalls
- Activity Logging
- Network Design
- Organization
- Remote Access
- Risk Assessment
- Separation of Duties
- Software Maintenance
- System Hardening
- Human Resources Policy
- Physical Security
- Security for Portable Systems
