Nex-Tech encourages all entities to have a multi-tiered cybersecurity stance that includes training, cyber products, backup and cyber insurance.
- Nex-Tech provides cybersecurity awareness training to all employees via company meetings, departmental meetings, new employee orientations and corporate intranet posts.
- Nex-Tech tests employees on social engineering attacks and identity theft.
- Nex-Tech has an internal team of professionals focused on cybersecurity representing various areas of the company.
- Nex-Tech technicians receive training on cybersecurity tools and techniques.
- Nex-Tech conducts internal attack simulations for various cybersecurity scenarios.
- Nex-Tech participates in multiple peer cybersecurity information sharing groups across two different critical sectors.
- Cybersecurity responsibilities are documented in job descriptions.
- Regular updates are provided to Nex-Tech’s management team and board.
- Nex-Tech’s Employee Handbook documents company policies, procedures, and controls related to information security.
- Nex-Tech has a documented Emergency Response Plan which includes cybersecurity incident response as well as other disaster recovery processes. A redacted copy can be provided to existing or prospective customers under an NDA upon request.
- Nex-Tech follows AICPA Trust Services Criteria and undergoes an annual SOC 2 Type 1 compliance audit by a third-party auditing firm. A copy can be provided to existing or prospective customers under an NDA upon request.
- Nex-Tech utilizes the NIST framework as a guide for its cybersecurity program.
- Nex-Tech follows PCI compliance standards for handling personal cardholder data.
- Nex-Tech utilizes HIPAA controls when working with medical providers and other entities who maintain Protected Health Information.
- Nex-Tech can provide a signed BAA (Business Associate Agreement) to existing customers upon request.
- Nex-Tech utilizes CJIS controls when providing service to law enforcement agencies, courts, and other governmental entities who maintain Criminal History Record Information.
- Nex-Tech can provide CJIS security addendums signed by technicians upon request.
- Nex-Tech maintains cybersecurity insurance. A certificate of insurance can be provided to existing customers upon request.
- Nex-Tech offices are protected by physical security, surveillance, and access control systems.
- Nex-Tech utilizes a robust suite of cybersecurity tools for protection, detection, and response.
- Nex-Tech enforces complex passwords and multi-factor authentication whenever available.
- Nex-Tech incorporates role-based security with least privilege principles for network and application system access.
- Nex-Tech considers Zero Trust principles for internal and external facing systems where applicable.
- Nex-Tech strives to encrypt sensitive data in transit and at rest whenever possible.
- Nex-Tech has implemented a formal vulnerability management program utilizing external scans from multiple third parties and internal scans using the latest scanning tools.
- Nex-Tech regularly patches network and computer systems.