As we all know, true security depends on trust, which is why Ntiva works hard to deliver superior protection and security services for our clients.
To do so, we use industry-leading safeguards and continuously monitor for threats. You can rest easy knowing that your sensitive data is protected 24/7.
Ntiva’s Security Commitment
At Ntiva, our top priority is keeping our customers' data secure. We employ rigorous security measures at the organizational, operational, and policy levels to make sure that your data, applications and infrastructure remain safe.
“Security First” Starts on Day One.
All employees receive security, privacy, and compliance training on their first day of employment. Though the extent of involvement may vary by role, security is everybody’s responsibility at Ntiva.
This commitment to security extends to our executives. Here at Ntiva, our Chief Information Security Officer (CISO) Jerry Craig reports directly to the President and Chief Operating Officer.
The Information Security teams’ primary areas of focus include:
- Security operations and incident response
- Vulnerability and threat management
- Internal controls
- Governance, privacy and compliance
- Information asset management
Personnel Conduct and Security
Ntiva employees are required to conduct themselves in a manner consistent with the company’s guidelines, including those regarding confidentiality, business ethics and professional standards.
Employees are provided with security training at the time of hire and on a regular basis going forward. Security training covers a broad section of topics around security awareness, compliance and privacy.
Physical and Environmental Security
Physical access to Ntiva offices and satellite locations is highly restricted and monitored. All Ntiva offices and satellite locations employ cameras at all entrances and badges are required for access. All offices, Help Desk, and SOC locations have backup power supplies and can operate 24x7x365.
Ntiva has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of our network security environment. These include:
- Vulnerability assessments
- Change management
- Security event management
- Endpoint protection
- Patch management
Logical Access Controls
Role-based access is utilized in all information systems. Processes and procedures are in place to govern access provisioning, access termination (voluntary and involuntary), and periodic entitlement reviews.
All users are provisioned with unique account IDs. Password requirements enforce the use of complex passwords as well as password rotation to protect against unauthorized use of passwords. In addition, all employees have multifactor authentication (MFA) enabled and enforced on their accounts.
Ntiva has a formalized incident response plan and associated procedures in case of a security breach incident. The Incident Response Plan defines the responsibilities of key personnel and identifies processes and procedures for notification. Incident response personnel are trained, and the execution of the incident response plan is tested periodically.
Business Continuity and Disaster Recovery
To minimize service interruption due to technology failure, natural disasters or other catastrophes, we have implemented data backup and disaster recovery programs across all cloud and server environments. These programs include multiple components to minimize the risk of any single point of failure. Access and encryption controls are established to safeguard data backups. All recovery and data restoration plans are tested and updated regularly.
Information Security Policy
Ntiva maintains a documented Information Security policy based upon NIST 800-171 standards that include directives for:
Information Control and Handling.
- Access Provisioning and Review
- Personnel Security and Security Awareness
- Application and System Security
- Network Security
- Vulnerability and Threat Management
- Security Monitoring and Incident Management
- Business Continuity Management
In addition, we explicitly define employee responsibilities and acceptable use of information system resources. Before providing authorized access to Ntiva systems, we receive signed acknowledgment from employees indicating that they have read, understand, and agree to abide by the rules of behavior.
Ntiva’s Privacy Commitment
Ntiva’s privacy program relies on strict policies and procedures regarding access, use, disclosure and transfer of customer data. The core of our privacy program is that Ntiva employees do not access, use, disclose, or transfer customer data unless it is in accordance with a contractual agreement or at the direction of the customer.
In addition, Ntiva provides our clients with the necessary resources and information to help them understand and validate the privacy and compliance requirements for their organization, as well as show how we can help power their compliance efforts.
Ntiva’s Compliance Commitment
Today’s technology leaders are charged with securing and protecting the customer, employee, and intellectual property data of their companies in an environment of increasingly complex security threats. Companies are also responsible for complying with all applicable laws, including those related to data privacy and transmission of personal data, even when a service provider holds and processes a company’s data on its behalf.
Ntiva maintains a formal and comprehensive security program designed to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to our customers’ data.
Ntiva is routinely and thoroughly audited by independent third-party organizations and government agencies to ensure our policies and practices comply with global and regional regulations and standards.
Ntiva undergoes regular audits to ensure the requirements of each of the five trust principles are met and that we remain SOC 2-compliant.
For more information on security details please contact our CISO Jerry Craig.