Security-First™

Learn how NFS operates on the leading edge of data security.

 

NFS has partnered with enterprise technology firm, Maslow to deploy the Security-First™ Framework across the entire organization, providing our clients with the assurance that their sensitive information is handled with the utmost care and security.

What does that mean for you?

  1. Enhance Data Security: Implementing advanced encryption and multi-factor authentication to safeguard client information.

  2. Improve Threat Detection: Utilizing state-of-the-art monitoring tools to identify and mitigate potential security threats in real-time.

  3. Enforced Compliance: Aligning with the latest industry standards and regulations, including ISO 27001 Certification and adherence to the same compliance requirements as FedRAMP High, ITAR/EAR, and DOD SRG.

  4. Data Sovereignty: Ensuring that your data never leaves the USA and access is limited to vetted US citizens.

To ensure a secure environment for our office, we implemented several Security-First™ controls designed to prevent unauthorized access, theft, damage, and disruption to information processing facilities and information. We established physical boundaries around sensitive areas, such as fences, walls, or gates, to deter unauthorized access. We also implemented measures to restrict access to secure areas, such as key cards and security personnel. Individual offices and rooms are now protected with locks, alarms, or other security measures. We implemented measures to protect against natural disasters, fire, and other environmental hazards. Procedures for working in secure areas were established, such as clean desk policies and restrictions on the use of personal devices. Controls for public access areas, such as public access areas and entrances, were implemented to prevent unauthorized access to sensitive information. Secure locations for equipment were chosen, and measures were implemented to protect it from theft, damage, or unauthorized access. The security of supporting services, such as power, water, and HVAC systems, was ensured to prevent disruptions to information processing. We implemented procedures for securely disposing of or reusing equipment to prevent sensitive data from falling into the wrong hands. Equipment used off-site, such as laptops or mobile devices, was protected with measures such as encryption and access controls. Again, the security of supporting services, such as power, water, and HVAC systems, was ensured to prevent disruptions to information processing. We implemented measures to control environmental factors, such as temperature and humidity, to protect equipment and information. Procedures for maintaining equipment and facilities were established to ensure their continued security and reliability. Procedures for handling and storing information media, such as hard drives and tapes, were implemented to prevent unauthorized access or damage. Finally, we implemented policies to ensure that sensitive information was not left visible on desks or computer screens when employees were away from their workstations.