This Security Statement applies to the products, services, websites and apps offered by NPS Desk
NPS Desk values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Notice also further details the ways we handle your data.
NPS Desk’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, entry limitations, and all that you would expect at a high-security data processing facility.
NPS Desk has implemented governance, risk management, and compliance practices that align with the most globally recognized information security frameworks.. In addition, the
Access to NPS Desk’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. NPS Desk grants access on a need to know on the basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.
NPS Desk maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to NPS Desk.
NPS Desk conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, NPS Desk communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Dedicated Security Personnel
NPS Desk has a dedicated Trust & Security organization, which focuses on application, cloud, network, and system security. This team is also responsible for security compliance, education, and incident response.
Vulnerability Management and Penetration Tests
NPS Desk maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.
We also conduct regular internal and external penetration tests and remediate according to severity for any results found.